Phpgroupware
by PhpGroupWare
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-2578 | 0.00 | — | 0.01 | Dec 31, 2004 | phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords. | |||
| CVE-2004-0875 | 0.00 | — | 0.01 | Dec 23, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module. | |||
| CVE-2004-0017 | 0.00 | — | 0.01 | Feb 3, 2004 | Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. | |||
| CVE-2004-0016 | 0.00 | — | 0.02 | Feb 3, 2004 | The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files. | |||
| CVE-2003-0657 | 0.00 | — | 0.01 | Aug 27, 2003 | Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. | |||
| CVE-2003-0599 | 0.00 | — | 0.02 | Aug 27, 2003 | Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | |||
| CVE-2003-0504 | 0.00 | — | 0.01 | Aug 7, 2003 | Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. | |||
| CVE-2001-0043 | 0.00 | — | 0.03 | Feb 16, 2001 | phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program. |
- CVE-2004-2578Dec 31, 2004risk 0.00cvss —epss 0.01
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.
- CVE-2004-0875Dec 23, 2004risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module.
- CVE-2004-0017Feb 3, 2004risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.
- CVE-2004-0016Feb 3, 2004risk 0.00cvss —epss 0.02
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.
- CVE-2003-0657Aug 27, 2003risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
- CVE-2003-0599Aug 27, 2003risk 0.00cvss —epss 0.02
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
- CVE-2003-0504Aug 7, 2003risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.
- CVE-2001-0043Feb 16, 2001risk 0.00cvss —epss 0.03
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.
Page 2 of 2