GLSA-200508-20 : phpGroupWare: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200508-20 phpGroupWare: Multiple vulnerabilities phpGroupWare improperly validates the 'mid' parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disable...

Land Down Under <= 800 Multiple Vulnerabilities

The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP's 'magicquotes' setting is disabled due to its failure to sanitize the request URI before using it in 'system/functions.php' in the function 'ldulog'. A malicious user may be able...

phpGroupWare: Multiple vulnerabilities

Background phpGroupWare is a multi-user groupware suite written in PHP. Description phpGroupWare improperly validates the "mid" parameter retrieved via a forum post. The current version of phpGroupWare also adds several safeguards to prevent XSS issues, and disables the use of a potentially...

CVE-2005-2600

CVE-2005-2600 is described in connected sources as a vulnerability in the tree view of FUD Forum Bulletin Board Software (also present in phpgroupware/egroupware imports) that allows remote attackers to read private posts by modifying the mid parameter. The OpenVAS entries reference this CVE with...

CVE-2005-2600

FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter...

CVE-2005-2600

FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter...

CVE-2004-2639

Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors...

phpbbquoteflaw.txt

Affected Software: phpBB 2.x tested on 2.0.4 and 2.0.8, untested on later versions Vulnerability: flaw in code handling the quoting of posts. Severity: Low Discovered by: Matt Benenati +Details+ ========= This flaw could allow a malicious user to alter the alignment and layout of any posts in the...

GeekLog 1.3.x - HTML Injection

GeekLog 1.3.x - HTML Injection source: https://www.securityfocus.com/bid/8792/info Geeklog has been reported prone to multiple HTML Injection vulnerabilities. The issues have been reported to present themselves due to a lack of sufficient sanitization performed on data that is parsed from forum...

NPDS 4.8 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5797/info Problems with NPDS could make it possible to execute arbitrary script code in a vulnerable client. NPDS does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains...