EUVD-2004-1382

Malware in sbrugna...

GLSA-200501-08 : phpGroupWare: Various vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200501-08 phpGroupWare: Various vulnerabilities Several flaws were discovered in phpGroupWare making it vulnerable to cross-site scripting attacks, SQL injection, and full path disclosure. Impact : These vulnerabilities could allo...

CVE-2004-1384

Multiple cross-site scripting XSS vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 kp3, 2 type, 3 msg, 4 forumid, 5 pos, 6 catsapp, 7 catid, 8 msgballmsgnum, 9 fldballacctnum parameters to index.php or 10 ticketid to...

phpGroupWare: Various vulnerabilities

Background phpGroupWare is a web-based suite of group applications including a calendar, todo-list, addressbook, email, wiki, news headlines, and a file manager. Description Several flaws were discovered in phpGroupWare making it vulnerable to cross-site scripting attacks, SQL injection, and full...

CVE-2004-1383

Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the 1 order, 2 projectid, 3 promain, or 4 hoursid parameters to index.php or 5 ticketid to viewticketdetails.php...

CVE-2004-1384

Multiple cross-site scripting XSS vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 kp3, 2 type, 3 msg, 4 forumid, 5 pos, 6 catsapp, 7 catid, 8 msgballmsgnum, 9 fldballacctnum parameters to index.php or 10 ticketid to...

CVE-2004-1384

Multiple cross-site scripting XSS vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 kp3, 2 type, 3 msg, 4 forumid, 5 pos, 6 catsapp, 7 catid, 8 msgballmsgnum, 9 fldballacctnum parameters to index.php or 10 ticketid to...

phpGroupWare.txt

GulfTech Security Research December 14th, 2004 Vendor : phpGroupWare URL : http://www.phpgroupware.org Version : phpGroupWare 0.9.16.003 Risk : Multiple Vulnerabilities Description: phpGroupWare formerly known as webdistro is a multi-user groupware suite written in PHP. It provides a Web-based...

CVE-2004-0875

Multiple cross-site scripting XSS vulnerabilities in Phpgroupware aka webdistro 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module...

phpGroupWare <= 0.9.16.003 Multiple Vulnerabilities

The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP. The remote version of this software is vulnerable to multiple issues : - A cross-site scripting issue may allow an attacker to steal the credentials of third-party users of the remote host. CVE-2004-138...

phpGroupWare 0.9.x - &#039;viewticket_details.php?ticket_id&#039; SQL Injection

source: https://www.securityfocus.com/bid/11952/info Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues. These issues are all due to a failure of the application to properly sanitize user-supplied input...

phpGroupWare 0.9.x - &#039;index.php&#039; Multiple SQL Injections

source: https://www.securityfocus.com/bid/11952/info Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues. These issues are all due to a failure of the application to properly sanitize user-supplied input...

phpGroupWare 0.9.x - &#039;viewticket_details.php?ticket_id&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/11952/info Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues. These issues are all due to a failure of the application to properly sanitize user-supplied input...

Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ]

GulfTech Security Research December 14th, 2004 Vendor : phpGroupWare URL : http://www.phpgroupware.org Version : phpGroupWare 0.9.16.003 Risk : Multiple Vulnerabilities Description: phpGroupWare formerly known as webdistro is a multi-user groupware suite written in PHP. It provides a Web-based...

PHPGroupWare Multiple XSS and SQL Injection Vulnerabilities

Binary data 2457.prm...

Debian DSA-419-1 : phpgroupware - missing filename sanitising, SQL injection

The authors of phpgroupware, a web-based groupware system written in PHP, discovered several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-0016 In the 'calendar' module, 'save extension' was not enforced for holiday files. As a...

CVE-2004-0875

Multiple cross-site scripting XSS vulnerabilities in Phpgroupware aka webdistro 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module...

phpGroupWare index.php Addressbook XSS

The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP. This version is reportedly prone to multiple HTML injection vulnerabilities. The issues present themselves due to a lack of sufficient input validation performed on form fields used by PHPGroupWare...

phpGroupWare Multiple Module SQL Injection

The remote host seems to be running PhpGroupWare, a multi-user groupware suite written in PHP. It has been reported that this version may be prone to multiple SQL injection vulnerabilities in the 'calendar' and 'infolog' modules. The problems exist due to insufficient sanitization of user-supplie...

Mandrake Linux Security Advisory : phpgroupware (MDKSA-2003:077)

Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is...