EUVD-2001-0043

Malware in sbrugna...

EUVD-2004-0016

Malware in sbrugna...

EUVD-2009-4381

Malware in sbrugna...

EUVD-2004-2564

Malware in sbrugna...

EUVD-2004-2398

Malware in sbrugna...

EUVD-2004-2566

Malware in sbrugna...

CVE-2004-2575

phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to 1 hookadmin.inc.php, 2 hookhome.inc.php, 3 class.holidaycalc.inc.php, and 4 setup.inc.php.sample, which reveals the path in an error message...

CVE-2004-2577

The aclcheck function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts...

CVE-2004-2406

Unknown "overflow" in the phpgwconfig table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact...

DTSA-58-1 phpgroupware - cross scripting vulnerability

Bulletin has no description...

CVE-2006-4458

CVE-2006-4458 describes a directory traversal in phpGroupWare up to version 0.9.16.010 where an attacker can cause arbitrary local file inclusion via a crafted GLOBALS[phpgw_info][user][preferences][common][country] parameter containing a .. sequence followed by a null byte (%00). The affected co...

phpGroupWare index.php Calendar Date XSS

The version of PhpGroupWare on the remote host is reportedly affected by HTML injection vulnerabilities that present themselves due to a lack of sufficient input validation performed on form fields used by PhpGroupWare modules. A malicious attacker may exploit these issues to inject arbitrary HTM...

CVE-2004-2574

Cross-site scripting XSS vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction...

CVE-2004-1385

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via 1 unexpected characters in the session ID such as shell metacharacters, 2 an invalid appname parameter to preferences.php or 3 an invalid menuaction parameter to index.php, which reveals the web server...

CVE-2004-2407

Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality...

phpGroupWare phpgw.inc.php phpgw_info Parameter Remote File Inclusion

The version of PhpGroupWare hosted on the remote web server has a vulnerability that may permit remote attackers to execute arbitrary commands through the 'phpgwinfo' parameter of the 'phpgw.inc.php' script, resulting in a loss of integrity. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

GLSA-200409-22 : phpGroupWare: XSS vulnerability in wiki module

The remote host is affected by the vulnerability described in GLSA-200409-22 phpGroupWare: XSS vulnerability in wiki module Due to an input validation error, the wiki module in the phpGroupWare suite is vulnerable to cross site scripting attacks. Impact : This vulnerability gives an attacker the...

PHPGroupWare < 0.9.16.003 Wiki Module XSS

Binary data 2269.prm...

CVE-2004-0016

The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files...

phpGroupWare 0.9.14 - Tables_Update.Inc.php Remote File Inclusion

phpGroupWare 0.9.14 - TablesUpdate.Inc.php Remote File Inclusion source: https://www.securityfocus.com/bid/12074/info phpGroupWare is prone to a remote file include vulnerability, potentially allowing the execution of malicious PHP code. This would occur in the context of the affected web server...