103 matches found
CVE-2008-4305
Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI...
CVE-2008-4303
Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors...
CVE-2008-4304
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may...
Design/Logic Flaw
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may...
Code injection
Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI...
SQL injection
Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors...
CVE-2008-4304
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may...
CVE-2008-4303
CVE-2008-4303 affects phpCollab 2.5 rc3, 2.4 and earlier. The vulnerability arises from unsanitized input in general/login.php via the loginForm parameter (and unspecified other vectors), enabling remote attackers to execute arbitrary SQL commands. The NVD entry lists the impact as remote SQL inj...
CVE-2008-4303
Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors...
CVE-2008-4305
Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI...
CVE-2008-4305
CVE-2008-4305 affects phpCollab 2.5 rc3 and earlier. The issue is a static code injection in installation/setup.php, allowing remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI. The NVD entry confirms a static code injection vulnerability with i...
CVE-2008-4304
CVE-2008-4304 affects phpCollab 2.5 rc3 and older, where general/login.php can allow remote code execution via shell metacharacters in input related to SSL_CLIENT_CERT. The root cause is improper sanitization of the SSL_CLIENT_CERT usage in a shell command, enabling an attacker to run arbitrary c...
Gentoo Security Advisory GLSA 200812-20 (phpcollab)
The remote host is missing updates announced in advisory GLSA 200812-20. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200812-20 (phpcollab)
The remote host is missing updates announced in advisory GLSA 200812-20. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-200812-20 : phpCollab: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200812-20 phpCollab: Multiple vulnerabilities Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not properly sanitized before being used ...
phpCollab: Multiple vulnerabilities
Background phpCollab is a web-enabled groupware and project management software written in PHP. It uses SQL-based database backends. Description Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not...
CVE-2006-1495
SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option...
SQL injection
SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option...
CVE-2006-1495
SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option...
CVE-2006-1495
CVE-2006-1495 describes an SQL injection in general/sendpassword.php (forgotten password flow) affecting PHPCollab 2.4 and 2.5.rc3, and NetOffice 2.5.3-pl1 and 2.6.0b2. The issue stems from unsanitized loginForm input used in an SQL statement, enabling remote attackers to execute arbitrary SQL co...