Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0016 | 1 Phpgroupware | 1 Phpgroupware | 2023-12-10 | 7.5 HIGH | N/A |
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files. | |||||
CVE-2004-1384 | 1 Phpgroupware | 1 Phpgroupware | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_id, (5) pos, (6) cats_app, (7) cat_id, (8) msgball[msgnum], (9) fldball[acctnum] parameters to index.php or (10) ticket_id to viewticket_details.php. | |||||
CVE-2003-0657 | 1 Phpgroupware | 1 Phpgroupware | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. | |||||
CVE-2002-0536 | 1 Phpgroupware | 1 Phpgroupware | 2023-12-10 | 7.5 HIGH | N/A |
PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack. | |||||
CVE-2001-0043 | 1 Phpgroupware | 1 Phpgroupware | 2023-12-10 | 10.0 HIGH | N/A |
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program. | |||||
CVE-2004-0875 | 1 Phpgroupware | 1 Phpgroupware | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module. | |||||
CVE-2004-0017 | 1 Phpgroupware | 1 Phpgroupware | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. |