Lucene search
K

267 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

phpGroupWare 0.9.x viewticket_details.php ticket_id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11952/info Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues. These issues are all due to a failure of the application to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

phpGroupWare <= 0.9.16.010 GLOBALS[] Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? / this works against registerglobals=On and magic quotes = off : /str0ke / / vulnerable code = calendar/inc/class.holidaycalc.inc.php line 14-33: .... / $Id: class.holidaycalc.inc.php,v 1.5 2001/08/26 12:32:28 skeeter Exp $ ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2010/05/21 12:0 a.m.45 views

PHPGroupWare <= 0.9.16.016 phpgwapi/inc/多个SQL注入漏洞

BUGTRAQ ID: 40168 CVE ID: CVE-2010-0404 phpGroupWare是一个用PHP编写的多用户的网络组件,为开发其他程序提供了一个API。 phpGroupWare phpgwapi/inc/目录下的多个脚本没有正确的过滤用户所提交参数,远程攻击者可以通过提交恶意查询请求执行SQL注入攻击。 1 没有正确地过滤提交给多个脚本的sessionid参数便在phpgwapi/inc/class.sessionsdb.inc.php的SQL查询中使用。 2...

7.5CVSS0.2AI score0.0233EPSS
Exploits1
seebug.org
seebug.org
added 2010/05/21 12:0 a.m.47 views

phpGroupWare app参数本地文件包含漏洞

BUGTRAQ ID: 40167 CVE ID: CVE-2010-0403 phpGroupWare是一个用PHP编写的多用户的网络组件,为开发其他程序提供了一个API。 在设置了sessionid和kp3的情况下,phpGroupWare没有正确地过滤提交给about.php页面的app参数便用于包含文件,远程攻击者可以通过提交包含有目录遍历序列的特制请求包含本地资源的任意文件,导致信息泄露。 PHPGroupWare 0.9.16.016 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-2046-1)以及相应补丁:...

6.8CVSS0.1AI score0.01977EPSS
Exploits2
NVD
NVD
added 2010/05/19 12:8 p.m.13 views

CVE-2010-0404

Multiple SQL injection vulnerabilities in phpGroupWare phpgw before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 class.sessionsdb.inc.php, 2 class.translationsql.inc.php, or 3 class.authsql.inc.php in phpgwapi/inc/...

7.5CVSS8.4AI score0.0233EPSS
Exploits1References9
NVD
NVD
added 2010/05/19 12:8 p.m.17 views

CVE-2010-0403

Directory traversal vulnerability in about.php in phpGroupWare phpgw before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the app parameter...

6.8CVSS6.9AI score0.01977EPSS
Exploits2References11
Prion
Prion
added 2010/05/19 12:8 p.m.11 views

Sql injection

Multiple SQL injection vulnerabilities in phpGroupWare phpgw before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 class.sessionsdb.inc.php, 2 class.translationsql.inc.php, or 3 class.authsql.inc.php in phpgwapi/inc/...

7.5CVSS9.1AI score0.0233EPSS
Exploits1References9Affected Software1
Prion
Prion
added 2010/05/19 12:8 p.m.13 views

Directory traversal

Directory traversal vulnerability in about.php in phpGroupWare phpgw before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the app parameter...

6.8CVSS7.5AI score0.01977EPSS
Exploits2References11Affected Software1
UbuntuCve
UbuntuCve
added 2010/05/19 12:8 p.m.19 views

CVE-2010-0404

Multiple SQL injection vulnerabilities in phpGroupWare phpgw before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 class.sessionsdb.inc.php, 2 class.translationsql.inc.php, or 3 class.authsql.inc.php in phpgwapi/inc/...

7.5CVSS6.2AI score0.0233EPSS
Exploits1References1
0day.today
0day.today
added 2010/05/19 12:0 a.m.34 views

phpGroupWare <= 0.9.16.015 SQL Injection Vulnerability

Exploit for php platform in category web applications ====================================================== phpGroupWare = 0.9.16.015 SQL Injection Vulnerability ====================================================== I. BACKGROUND --------------------- "phpGroupWare is a fully featured, web base...

7.1AI score0.01977EPSS
Exploits2
Cvelist
Cvelist
added 2010/05/18 3:29 p.m.18 views

CVE-2010-0404

Multiple SQL injection vulnerabilities in phpGroupWare phpgw before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 class.sessionsdb.inc.php, 2 class.translationsql.inc.php, or 3 class.authsql.inc.php in phpgwapi/inc/...

8.3AI score0.0233EPSS
Exploits1References9
CVE
CVE
added 2010/05/18 3:29 p.m.67 views

CVE-2010-0403

CVE-2010-0403 affects phpGroupWare (phpgw) up to version 0.9.16.015; a directory traversal flaw in about.php allows remote attackers to include arbitrary local files via the app parameter, enabling Local File Inclusion. Debian/OpenVAS references indicate additional SQL injection issues and confir...

6.8CVSS7AI score0.01977EPSS
Exploits2References11Affected Software1
Cvelist
Cvelist
added 2010/05/18 3:29 p.m.19 views

CVE-2010-0403

Directory traversal vulnerability in about.php in phpGroupWare phpgw before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the app parameter...

6.8AI score0.01977EPSS
Exploits2References11
CVE
CVE
added 2010/05/18 3:29 p.m.51 views

CVE-2010-0404

CVE-2010-0404 refers to multiple SQL injection vulnerabilities in phpGroupWare (phpgw) up to version 0.9.16.015, exploitable via unsafely handled input to phpgwapi/inc/class.sessions_db.inc.php, class.translation_sql.inc.php, and class.auth_sql.inc.php. The issues allow remote attackers to inject...

7.5CVSS8.5AI score0.0233EPSS
Exploits1References9Affected Software1
OpenVAS
OpenVAS
added 2010/05/17 12:0 a.m.24 views

phpGroupWare Multiple Vulnerabilities

phpGroupWare is prone to multiple SQL-injection vulnerabilities and to a Local File Include Vulnerability because it fails to sufficiently sanitize user-supplied data before using it. Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit...

7.5CVSS0.1AI score0.0233EPSS
Exploits3References3
securityvulns
securityvulns
added 2010/05/17 12:0 a.m.75 views

phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities &#40;CVE-2010-0403 and CVE-2010-0404&#41;

I. BACKGROUND --------------------- "phpGroupWare is a fully featured, web based messaging, collaboration and enterprise management platform. phpGroupWare comes with over 50 applications that can be mixed and matched according to your needs. Around the world tens of thousands of people use...

6.8CVSS7.5AI score0.0233EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2010/05/17 12:0 a.m.17 views

PHPGroupWare < 0.9.16.016 Multiple Vulnerabilities

Binary data 5545.prm...

7.5CVSS7.3AI score0.0233EPSS
Exploits3References3
OpenVAS
OpenVAS
added 2010/05/17 12:0 a.m.18 views

phpGroupWare Multiple Vulnerabilities

phpGroupWare is prone to multiple SQL-injection vulnerabilities and to a Local File Include Vulnerability because it fails to sufficiently sanitize user-supplied data before using it. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, an...

7.5CVSS6.4AI score0.0233EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2010/05/17 12:0 a.m.26 views

Debian DSA-2046-1 : phpgroupware - several vulnerabilities

Several remote vulnerabilities have been discovered in phpgroupware, a Web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0403 A local file inclusion vulnerability allows remote attackers to execute arbitrary...

7.5CVSS6.4AI score0.0233EPSS
Exploits3References5
Debian
Debian
added 2010/05/13 8:14 p.m.38 views

[SECURITY] [DSA-2046-1] New phpgroupware packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-2046-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano May 13, 2010 http://www.debian.org/security/faq -...

7.5CVSS7.9AI score0.0233EPSS
Exploits3
Rows per page
Query Builder