Filtered by vendor Phpgroupware
Subscriptions
Total
27 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2004-0017 | 1 Phpgroupware | 1 Phpgroupware | 2024-11-20 | N/A |
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. | ||||
CVE-2004-0016 | 1 Phpgroupware | 1 Phpgroupware | 2024-11-20 | N/A |
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files. | ||||
CVE-2003-0657 | 1 Phpgroupware | 1 Phpgroupware | 2024-11-20 | N/A |
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. | ||||
CVE-2003-0599 | 1 Phpgroupware | 1 Phpgroupware | 2024-11-20 | N/A |
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | ||||
CVE-2003-0504 | 1 Phpgroupware | 1 Phpgroupware | 2024-11-20 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. | ||||
CVE-2002-0536 | 1 Phpgroupware | 1 Phpgroupware | 2024-11-20 | N/A |
PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack. | ||||
CVE-2001-0043 | 1 Phpgroupware | 1 Phpgroupware | 2024-11-20 | N/A |
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program. |