267 matches found
phpGroupWare 0.9.x viewticket_details.php ticket_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/11952/info Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues. These issues are all due to a failure of the application to...
phpGroupWare <= 0.9.16.010 GLOBALS[] Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? / this works against registerglobals=On and magic quotes = off : /str0ke / / vulnerable code = calendar/inc/class.holidaycalc.inc.php line 14-33: .... / $Id: class.holidaycalc.inc.php,v 1.5 2001/08/26 12:32:28 skeeter Exp $ ...
PHPGroupWare <= 0.9.16.016 phpgwapi/inc/多个SQL注入漏洞
BUGTRAQ ID: 40168 CVE ID: CVE-2010-0404 phpGroupWare是一个用PHP编写的多用户的网络组件,为开发其他程序提供了一个API。 phpGroupWare phpgwapi/inc/目录下的多个脚本没有正确的过滤用户所提交参数,远程攻击者可以通过提交恶意查询请求执行SQL注入攻击。 1 没有正确地过滤提交给多个脚本的sessionid参数便在phpgwapi/inc/class.sessionsdb.inc.php的SQL查询中使用。 2...
phpGroupWare app参数本地文件包含漏洞
BUGTRAQ ID: 40167 CVE ID: CVE-2010-0403 phpGroupWare是一个用PHP编写的多用户的网络组件,为开发其他程序提供了一个API。 在设置了sessionid和kp3的情况下,phpGroupWare没有正确地过滤提交给about.php页面的app参数便用于包含文件,远程攻击者可以通过提交包含有目录遍历序列的特制请求包含本地资源的任意文件,导致信息泄露。 PHPGroupWare 0.9.16.016 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-2046-1)以及相应补丁:...
CVE-2010-0404
Multiple SQL injection vulnerabilities in phpGroupWare phpgw before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 class.sessionsdb.inc.php, 2 class.translationsql.inc.php, or 3 class.authsql.inc.php in phpgwapi/inc/...
CVE-2010-0403
Directory traversal vulnerability in about.php in phpGroupWare phpgw before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the app parameter...
Sql injection
Multiple SQL injection vulnerabilities in phpGroupWare phpgw before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 class.sessionsdb.inc.php, 2 class.translationsql.inc.php, or 3 class.authsql.inc.php in phpgwapi/inc/...
Directory traversal
Directory traversal vulnerability in about.php in phpGroupWare phpgw before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the app parameter...
CVE-2010-0404
Multiple SQL injection vulnerabilities in phpGroupWare phpgw before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 class.sessionsdb.inc.php, 2 class.translationsql.inc.php, or 3 class.authsql.inc.php in phpgwapi/inc/...
phpGroupWare <= 0.9.16.015 SQL Injection Vulnerability
Exploit for php platform in category web applications ====================================================== phpGroupWare = 0.9.16.015 SQL Injection Vulnerability ====================================================== I. BACKGROUND --------------------- "phpGroupWare is a fully featured, web base...
CVE-2010-0404
Multiple SQL injection vulnerabilities in phpGroupWare phpgw before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 class.sessionsdb.inc.php, 2 class.translationsql.inc.php, or 3 class.authsql.inc.php in phpgwapi/inc/...
CVE-2010-0403
CVE-2010-0403 affects phpGroupWare (phpgw) up to version 0.9.16.015; a directory traversal flaw in about.php allows remote attackers to include arbitrary local files via the app parameter, enabling Local File Inclusion. Debian/OpenVAS references indicate additional SQL injection issues and confir...
CVE-2010-0403
Directory traversal vulnerability in about.php in phpGroupWare phpgw before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the app parameter...
CVE-2010-0404
CVE-2010-0404 refers to multiple SQL injection vulnerabilities in phpGroupWare (phpgw) up to version 0.9.16.015, exploitable via unsafely handled input to phpgwapi/inc/class.sessions_db.inc.php, class.translation_sql.inc.php, and class.auth_sql.inc.php. The issues allow remote attackers to inject...
phpGroupWare Multiple Vulnerabilities
phpGroupWare is prone to multiple SQL-injection vulnerabilities and to a Local File Include Vulnerability because it fails to sufficiently sanitize user-supplied data before using it. Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit...
phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)
I. BACKGROUND --------------------- "phpGroupWare is a fully featured, web based messaging, collaboration and enterprise management platform. phpGroupWare comes with over 50 applications that can be mixed and matched according to your needs. Around the world tens of thousands of people use...
PHPGroupWare < 0.9.16.016 Multiple Vulnerabilities
Binary data 5545.prm...
phpGroupWare Multiple Vulnerabilities
phpGroupWare is prone to multiple SQL-injection vulnerabilities and to a Local File Include Vulnerability because it fails to sufficiently sanitize user-supplied data before using it. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, an...
Debian DSA-2046-1 : phpgroupware - several vulnerabilities
Several remote vulnerabilities have been discovered in phpgroupware, a Web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0403 A local file inclusion vulnerability allows remote attackers to execute arbitrary...
[SECURITY] [DSA-2046-1] New phpgroupware packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-2046-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano May 13, 2010 http://www.debian.org/security/faq -...