Filtered by vendor Phpgroupware
Subscribe
Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2577 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 5.0 MEDIUM | N/A |
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts. | |||||
CVE-2004-2573 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter. | |||||
CVE-2004-2407 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 10.0 HIGH | N/A |
Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality. | |||||
CVE-2004-0017 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. | |||||
CVE-2003-0657 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. | |||||
CVE-2003-0599 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 10.0 HIGH | N/A |
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | |||||
CVE-2002-0536 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 7.5 HIGH | N/A |
PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack. |