81 vulnerabilities found for phpgroupware by phpgroupware
FKIE_CVE-2010-0403
Vulnerability from fkie_nvd - Published: 2010-05-19 12:08 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpgroupware | phpgroupware | * (up to and including 0.9.16.015) | |
| phpgroupware | phpgroupware | 0.9.16 | |
| phpgroupware | phpgroupware | 0.9.16.000 | |
| phpgroupware | phpgroupware | 0.9.16.001 | |
| phpgroupware | phpgroupware | 0.9.16.002 | |
| phpgroupware | phpgroupware | 0.9.16.003 | |
| phpgroupware | phpgroupware | 0.9.16.005 | |
| phpgroupware | phpgroupware | 0.9.16.010 | |
| phpgroupware | phpgroupware | 0.9.16.011 | |
| phpgroupware | phpgroupware | 0.9.16.012 | |
| phpgroupware | phpgroupware | 0.9.16.014 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "959D31B3-F41E-4C42-8685-FBB6B4204AEC",
"versionEndIncluding": "0.9.16.015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3FE8A4-497F-4282-828F-C14BB01B553D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*",
"matchCriteriaId": "1C011E73-A072-421D-8500-C414A5B67BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.001:*:*:*:*:*:*:*",
"matchCriteriaId": "B21818A9-9E32-4535-A8DA-CB57D1004E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FBB83A-AADB-44D2-A227-2D76D4EF40CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7BA9C4-E9B0-420A-936F-50EAC81B7EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.005:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7F6B19-F4E1-48F0-86ED-E5A21DE7EB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.010:*:*:*:*:*:*:*",
"matchCriteriaId": "E02256AC-1BE6-423D-A974-61D5EF137573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.011:*:*:*:*:*:*:*",
"matchCriteriaId": "159181D8-BED8-4DED-9B48-E0E126C4DFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.012:*:*:*:*:*:*:*",
"matchCriteriaId": "CB63C1A0-4C62-424B-A858-09DB6AB19BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.014:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4CAA53-0E0B-43FB-93F2-C8BA44CB0A51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el archivo about.php en phpGroupWare (phpgw) anterior a v0.9.16.016 permite a atacantes remotos incluir y ejecutar archivos locales de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro \"app\"."
}
],
"id": "CVE-2010-0403",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-05-19T12:08:08.070",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://download.phpgroupware.org/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"source": "cve@mitre.org",
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39665"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39731"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/40167"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://download.phpgroupware.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/40167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58657"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0404
Vulnerability from fkie_nvd - Published: 2010-05-19 12:08 - Updated: 2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpgroupware | phpgroupware | * (up to and including 0.9.16.015) | |
| phpgroupware | phpgroupware | 0.9.16 | |
| phpgroupware | phpgroupware | 0.9.16.000 | |
| phpgroupware | phpgroupware | 0.9.16.001 | |
| phpgroupware | phpgroupware | 0.9.16.002 | |
| phpgroupware | phpgroupware | 0.9.16.003 | |
| phpgroupware | phpgroupware | 0.9.16.005 | |
| phpgroupware | phpgroupware | 0.9.16.010 | |
| phpgroupware | phpgroupware | 0.9.16.011 | |
| phpgroupware | phpgroupware | 0.9.16.012 | |
| phpgroupware | phpgroupware | 0.9.16.014 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "959D31B3-F41E-4C42-8685-FBB6B4204AEC",
"versionEndIncluding": "0.9.16.015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3FE8A4-497F-4282-828F-C14BB01B553D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*",
"matchCriteriaId": "1C011E73-A072-421D-8500-C414A5B67BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.001:*:*:*:*:*:*:*",
"matchCriteriaId": "B21818A9-9E32-4535-A8DA-CB57D1004E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FBB83A-AADB-44D2-A227-2D76D4EF40CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*",
"matchCriteriaId": "6D7BA9C4-E9B0-420A-936F-50EAC81B7EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.005:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7F6B19-F4E1-48F0-86ED-E5A21DE7EB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.010:*:*:*:*:*:*:*",
"matchCriteriaId": "E02256AC-1BE6-423D-A974-61D5EF137573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.011:*:*:*:*:*:*:*",
"matchCriteriaId": "159181D8-BED8-4DED-9B48-E0E126C4DFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.012:*:*:*:*:*:*:*",
"matchCriteriaId": "CB63C1A0-4C62-424B-A858-09DB6AB19BEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.014:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4CAA53-0E0B-43FB-93F2-C8BA44CB0A51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en phpGroupWare (phpgw) anterior a v0.9.16.016 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de par\u00e1metros sin especificar a (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php en phpgwapi/inc/."
}
],
"id": "CVE-2010-0404",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-05-19T12:08:08.100",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://download.phpgroupware.org/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39665"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39731"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://download.phpgroupware.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-4416
Vulnerability from fkie_nvd - Published: 2009-12-24 16:30 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; user interaction required)
Summary
Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpgroupware | phpgroupware | 0.9.16.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3C58F242-81C3-4739-B28D-2D2FD8F0DEE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the \"phpgw_\" sequence."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en login.php en phpGroupWare v0.9.16.12, y probablemente otras versiones anteriores a v0.9.16.014, permite a atacantes remotos inyectar c\u00f3digo web y HTML de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro elegido cuyo nombre empieza con la secuencia \"phpgw_\"."
}
],
"id": "CVE-2009-4416",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-24T16:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35519"
},
{
"source": "cve@mitre.org",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "cve@mitre.org",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "cve@mitre.org",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/56179"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/56179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51923"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-4415
Vulnerability from fkie_nvd - Published: 2009-12-24 16:30 - Updated: 2025-04-09 00:30
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpgroupware | phpgroupware | 0.9.16.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3C58F242-81C3-4739-B28D-2D2FD8F0DEE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio phpGroupWare v0.9.16.12, y problemente otra versiones anteriores a v0.9.16.014, permite a atacantes remotos (1) leer ficheros de su elecci\u00f3n a trav\u00e9s del par\u00e1metro addressbook/csv_import.php, o (2) incluir y ejecutar ficheros locales de su elecci\u00f3n a trav\u00e9s del par\u00e1metro conv_type en addressbook/inc/class.uiXport.inc.php."
}
],
"id": "CVE-2009-4415",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-24T16:30:00.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35519"
},
{
"source": "cve@mitre.org",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/csv_import.php?r1=15464\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "cve@mitre.org",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php?r1=14819\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "cve@mitre.org",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "cve@mitre.org",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/56177"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/56180"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51921"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/csv_import.php?r1=15464\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php?r1=14819\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/56177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/56180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51924"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-4414
Vulnerability from fkie_nvd - Published: 2009-12-24 16:30 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
SQL injection vulnerability in phpgwapi/inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpgroupware | phpgroupware | 0.9.16.012 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.012:*:*:*:*:*:*:*",
"matchCriteriaId": "CB63C1A0-4C62-424B-A858-09DB6AB19BEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en phpgwapi /inc/class.auth_sql.inc.php en phpGroupWare v0.9.16.12, y probablemente otras versiones anteriores a v0.9.16.014, cuando magic_quotes_gpc es desactivado, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a atrav\u00e9s del par\u00e1metro passwd en login.php."
}
],
"id": "CVE-2009-4414",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-24T16:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35519"
},
{
"source": "cve@mitre.org",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "cve@mitre.org",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php?r1=14407\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "cve@mitre.org",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/56178"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php?r1=14407\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/56178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51922"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4458
Vulnerability from fkie_nvd - Published: 2006-08-31 10:04 - Updated: 2025-04-03 01:03
Severity: MEDIUM (CVSS v2.0 base score 6.4, vector AV:N/AC:L/Au:N/C:P/I:P/A:N)
Summary
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpgroupware | phpgroupware | 0.9.16.010 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.010:*:*:*:*:*:*:*",
"matchCriteriaId": "E02256AC-1BE6-423D-A974-61D5EF137573",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de directorio transversal en calendar/inc/class.holidaycalc.inc.php en phpGroupWare 0.9.16.010 y anteriores permite a un atacante remoto incluir archivos loccales de su elecci\u00f3n a trav\u00e9s de la secuencia .. (punto punto) y el byte nulo de acarreo (%00) en el par\u00e1metro GLOBALS[phpgw_info][user][preferences][common][country] ."
}
],
"evaluatorSolution": "Upgrade to phpGroupWare 0.9.16.011",
"id": "CVE-2006-4458",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-31T10:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21687"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19751"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3414"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28627"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/2270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28627"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/2270"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-0403 (GCVE-0-2010-0403)
Vulnerability from cvelistv5 – Published: 2010-05-18 15:29 – Updated: 2024-08-07 00:45
Summary
Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-1146",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "phpgroupware-about-file-include(58657)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58657"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"name": "40167",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40167"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-1146",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "phpgroupware-about-file-include(58657)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58657"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"name": "40167",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40167"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1146",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"name": "http://download.phpgroupware.org/",
"refsource": "CONFIRM",
"url": "http://download.phpgroupware.org/"
},
{
"name": "phpgroupware-about-file-include(58657)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58657"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"name": "40167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40167"
},
{
"name": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0",
"refsource": "CONFIRM",
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0403",
"datePublished": "2010-05-18T15:29:00",
"dateReserved": "2010-01-27T00:00:00",
"dateUpdated": "2024-08-07T00:45:12.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0404 (GCVE-0-2010-0404)
Vulnerability from cvelistv5 – Published: 2010-05-18 15:29 – Updated: 2024-08-07 00:45
Summary
Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-1146",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-1146",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1146",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"name": "http://download.phpgroupware.org/",
"refsource": "CONFIRM",
"url": "http://download.phpgroupware.org/"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"name": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0",
"refsource": "CONFIRM",
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0404",
"datePublished": "2010-05-18T15:29:00",
"dateReserved": "2010-01-27T00:00:00",
"dateUpdated": "2024-08-07T00:45:12.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4415 (GCVE-0-2009-4415)
Vulnerability from cvelistv5 – Published: 2009-12-24 16:00 – Updated: 2024-08-07 07:01
Summary
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-convtype-file-include(51924)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51924"
},
{
"name": "56180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/56180"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35519"
},
{
"name": "phpgroupware-csvimport-info-disclosure(51921)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51921"
},
{
"name": "56177",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/56177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/csv_import.php?r1=15464\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php?r1=14819\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-convtype-file-include(51924)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51924"
},
{
"name": "56180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/56180"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35519"
},
{
"name": "phpgroupware-csvimport-info-disclosure(51921)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51921"
},
{
"name": "56177",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/56177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/csv_import.php?r1=15464\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php?r1=14819\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-convtype-file-include(51924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51924"
},
{
"name": "56180",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56180"
},
{
"name": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35519"
},
{
"name": "phpgroupware-csvimport-info-disclosure(51921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51921"
},
{
"name": "56177",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56177"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/csv_import.php?r1=15464\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/csv_import.php?r1=15464\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php?r1=14819\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php?r1=14819\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4415",
"datePublished": "2009-12-24T16:00:00",
"dateReserved": "2009-12-24T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4414 (GCVE-0-2009-4414)
Vulnerability from cvelistv5 – Published: 2009-12-24 16:00 – Updated: 2024-08-07 07:01
Summary
SQL injection vulnerability in phpgwapi/inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "56178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/56178"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35519"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php?r1=14407\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-login-sql-injection(51922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51922"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "56178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/56178"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35519"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php?r1=14407\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-login-sql-injection(51922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51922"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "56178",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56178"
},
{
"name": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35519"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php?r1=14407\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php?r1=14407\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-login-sql-injection(51922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51922"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4414",
"datePublished": "2009-12-24T16:00:00",
"dateReserved": "2009-12-24T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4416 (GCVE-0-2009-4416)
Vulnerability from cvelistv5 – Published: 2009-12-24 16:00 – Updated: 2024-08-07 07:01
Summary
Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35519"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch"
},
{
"name": "phpgroupware-query-xss(51923)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51923"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"name": "56179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/56179"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the \"phpgw_\" sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35519"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch"
},
{
"name": "phpgroupware-query-xss(51923)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51923"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"name": "56179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/56179"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the \"phpgw_\" sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35519"
},
{
"name": "http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch",
"refsource": "MISC",
"url": "http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch"
},
{
"name": "phpgroupware-query-xss(51923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51923"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"name": "56179",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56179"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4416",
"datePublished": "2009-12-24T16:00:00",
"dateReserved": "2009-12-24T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4458 (GCVE-0-2006-4458)
Vulnerability from cvelistv5 – Published: 2006-08-31 10:00 – Updated: 2024-08-07 19:14
Summary
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
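Severity
No CVSS data available. The record carries no CVSS metrics, so treat it as unscored rather than as low severity.
CWE
- n/a (the record assigns no CWE; the summary describes the weakness as directory traversal leading to local file inclusion)
Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/19751 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2006/3414 | vdb-entry, x_refsource_VUPEN |
| https://www.exploit-db.com/exploits/2270 | exploit, x_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28627 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/21687 | third-party-advisory, x_refsource_SECUNIA |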
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19751"
},
{
"name": "ADV-2006-3414",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3414"
},
{
"name": "2270",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2270"
},
{
"name": "phpgroupware-class-file-include(28627)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28627"
},
{
"name": "21687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21687"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19751"
},
{
"name": "ADV-2006-3414",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3414"
},
{
"name": "2270",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2270"
},
{
"name": "phpgroupware-class-file-include(28627)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28627"
},
{
"name": "21687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21687"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19751"
},
{
"name": "ADV-2006-3414",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3414"
},
{
"name": "2270",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2270"
},
{
"name": "phpgroupware-class-file-include(28627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28627"
},
{
"name": "21687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21687"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4458",
"datePublished": "2006-08-31T10:00:00",
"dateReserved": "2006-08-30T00:00:00",
"dateUpdated": "2024-08-07T19:14:46.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2573 (GCVE-0-2004-2573)
Vulnerability from cvelistv5 – Published: 2005-11-28 23:00 – Updated: 2024-08-08 01:29
Summary
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.
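Severity
No CVSS data available. The record carries no CVSS metrics, so treat it as unscored rather than as low severity.
CWE
- n/a (the record assigns no CWE; the summary describes the weakness as PHP remote file inclusion)
Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/12074 | vdb-entry, x_refsource_BID |
| https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478 | x_refsource_CONFIRM |
| http://www.osvdb.org/7599 | vdb-entry, x_refsource_OSVDB |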
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12074",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12074"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7599"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12074",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12074"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7599"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12074"
},
{
"name": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7599",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7599"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2573",
"datePublished": "2005-11-28T23:00:00",
"dateReserved": "2005-11-28T00:00:00",
"dateUpdated": "2024-08-08T01:29:14.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2575 (GCVE-0-2004-2575)
Vulnerability from cvelistv5 – Published: 2005-11-28 23:00 – Updated: 2024-09-17 01:40
Summary
phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message.
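Severity
No CVSS data available. The record carries no CVSS metrics, so treat it as unscored rather than as low severity.
CWE
- n/a (the record assigns no CWE; the summary describes the weakness as path disclosure through an error message)
Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.osvdb.org/7602 | vdb-entry, x_refsource_OSVDB |
| https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478 | x_refsource_CONFIRM |
| http://www.osvdb.org/7604 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/7601 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/7603 | vdb-entry, x_refsource_OSVDB |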
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7602"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7604"
},
{
"name": "7601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7601"
},
{
"name": "7603",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-28T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7602"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7604"
},
{
"name": "7601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7601"
},
{
"name": "7603",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7603"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7602"
},
{
"name": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7604",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7604"
},
{
"name": "7601",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7601"
},
{
"name": "7603",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7603"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2575",
"datePublished": "2005-11-28T23:00:00Z",
"dateReserved": "2005-11-28T00:00:00Z",
"dateUpdated": "2024-09-17T01:40:57.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2574 (GCVE-0-2004-2574)
Vulnerability from cvelistv5 – Published: 2005-11-28 23:00 – Updated: 2024-09-17 02:52
Summary
Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.
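Severity
No CVSS data available. The record carries no CVSS metrics, so treat it as unscored rather than as low severity.
CWE
- n/a (the record assigns no CWE; the summary describes the weakness as cross-site scripting)
Assigner
mitre
References
| URL | Tags |
|---|---|
| https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/12082 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/7600 | vdb-entry, x_refsource_OSVDB |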
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "12082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12082"
},
{
"name": "7600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-28T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "12082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12082"
},
{
"name": "7600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "12082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12082"
},
{
"name": "7600",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2574",
"datePublished": "2005-11-28T23:00:00Z",
"dateReserved": "2005-11-28T00:00:00Z",
"dateUpdated": "2024-09-17T02:52:29.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2577 (GCVE-0-2004-2577)
Vulnerability from cvelistv5 – Published: 2005-11-28 23:00 – Updated: 2024-09-16 20:47
Summary
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.
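Severity
No CVSS data available. The record carries no CVSS metrics, so treat it as unscored rather than as low severity.
CWE
- n/a (the record assigns no CWE; the summary describes an access-control check, acl_check, that always returns True)
Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.osvdb.org/7618 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/12237 | vdb-entry, x_refsource_BID |
| https://savannah.gnu.org/bugs/?func=detailitem&item_id=7227 | x_refsource_CONFIRM |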
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7618",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7618"
},
{
"name": "12237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12237"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users\u0027 home directories that lack .htaccess files, and possibly has other unknown impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-28T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7618",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7618"
},
{
"name": "12237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12237"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users\u0027 home directories that lack .htaccess files, and possibly has other unknown impacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7618",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7618"
},
{
"name": "12237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12237"
},
{
"name": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7227",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2577",
"datePublished": "2005-11-28T23:00:00Z",
"dateReserved": "2005-11-28T00:00:00Z",
"dateUpdated": "2024-09-16T20:47:26.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2576 (GCVE-0-2004-2576)
Vulnerability from cvelistv5 – Published: 2005-11-28 23:00 – Updated: 2024-08-08 01:29
Summary
class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files.
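Severity
No CVSS data available. The record carries no CVSS metrics, so treat it as unscored rather than as low severity.
CWE
- n/a (the record assigns no CWE; the summary describes missing authorization checks on users' home-directory files)
Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.osvdb.org/7617 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/19195 | vdb-entry, x_refsource_XF |
| https://savannah.gnu.org/bugs/?func=detailitem&item_id=8359 | x_refsource_CONFIRM |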
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7617",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7617"
},
{
"name": "phpgroupware-classvfsdavinc-security-bypass(19195)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19195"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=8359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users\u0027 home-directory files, which allows remote attackers to obtain sensitive information from these files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7617",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7617"
},
{
"name": "phpgroupware-classvfsdavinc-security-bypass(19195)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19195"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=8359"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users\u0027 home-directory files, which allows remote attackers to obtain sensitive information from these files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7617",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7617"
},
{
"name": "phpgroupware-classvfsdavinc-security-bypass(19195)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19195"
},
{
"name": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=8359",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=8359"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2576",
"datePublished": "2005-11-28T23:00:00",
"dateReserved": "2005-11-28T00:00:00",
"dateUpdated": "2024-08-08T01:29:14.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2578 (GCVE-0-2004-2578)
Vulnerability from cvelistv5 – Published: 2005-11-28 23:00 – Updated: 2024-08-08 01:29
Summary
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.
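Severity
No CVSS data available. The record carries no CVSS metrics, so treat it as unscored rather than as low severity.
CWE
- n/a (the record assigns no CWE; the summary describes plaintext transmission of passwords in cookies)
Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/10895 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/8354 | vdb-entry, x_refsource_OSVDB |
| http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/ | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16970 | vdb-entry, x_refsource_XF |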
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10895",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10895"
},
{
"name": "8354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/"
},
{
"name": "phpgroupware-plaintext-password(16970)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16970"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10895",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10895"
},
{
"name": "8354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/"
},
{
"name": "phpgroupware-plaintext-password(16970)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16970"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10895"
},
{
"name": "8354",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8354"
},
{
"name": "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/"
},
{
"name": "phpgroupware-plaintext-password(16970)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16970"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2578",
"datePublished": "2005-11-28T23:00:00",
"dateReserved": "2005-11-28T00:00:00",
"dateUpdated": "2024-08-08T01:29:14.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0403 (GCVE-0-2010-0403)
Vulnerability from nvd – Published: 2010-05-18 15:29 – Updated: 2024-08-07 00:45
Summary
Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-1146",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "phpgroupware-about-file-include(58657)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58657"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"name": "40167",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40167"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-1146",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "phpgroupware-about-file-include(58657)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58657"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"name": "40167",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40167"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1146",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"name": "http://download.phpgroupware.org/",
"refsource": "CONFIRM",
"url": "http://download.phpgroupware.org/"
},
{
"name": "phpgroupware-about-file-include(58657)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58657"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"name": "40167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40167"
},
{
"name": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0",
"refsource": "CONFIRM",
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0403",
"datePublished": "2010-05-18T15:29:00",
"dateReserved": "2010-01-27T00:00:00",
"dateUpdated": "2024-08-07T00:45:12.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0404 (GCVE-0-2010-0404)
Vulnerability from nvd – Published: 2010-05-18 15:29 – Updated: 2024-08-07 00:45
Summary
Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-1146",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2010-1146",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-1146",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1146"
},
{
"name": "ADV-2010-1145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1145"
},
{
"name": "http://download.phpgroupware.org/",
"refsource": "CONFIRM",
"url": "http://download.phpgroupware.org/"
},
{
"name": "[phpgroupware-users] 20100512 Phpgroupware security release 0.9.16.016",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html"
},
{
"name": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0",
"refsource": "CONFIRM",
"url": "http://forums.phpgroupware.org/index.php?t=msg\u0026th=98662\u0026start=0\u0026rid=0"
},
{
"name": "20100514 phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511299/100/0/threaded"
},
{
"name": "39731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39731"
},
{
"name": "DSA-2046",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2046"
},
{
"name": "39665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0404",
"datePublished": "2010-05-18T15:29:00",
"dateReserved": "2010-01-27T00:00:00",
"dateUpdated": "2024-08-07T00:45:12.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4415 (GCVE-0-2009-4415)
Vulnerability from nvd – Published: 2009-12-24 16:00 – Updated: 2024-08-07 07:01
Summary
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-convtype-file-include(51924)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51924"
},
{
"name": "56180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/56180"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35519"
},
{
"name": "phpgroupware-csvimport-info-disclosure(51921)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51921"
},
{
"name": "56177",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/56177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/csv_import.php?r1=15464\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php?r1=14819\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-convtype-file-include(51924)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51924"
},
{
"name": "56180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/56180"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35519"
},
{
"name": "phpgroupware-csvimport-info-disclosure(51921)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51921"
},
{
"name": "56177",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/56177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/csv_import.php?r1=15464\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php?r1=14819\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csv_import.php, or (2) include and execute arbitrary local files via the conv_type parameter in addressbook/inc/class.uiXport.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-convtype-file-include(51924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51924"
},
{
"name": "56180",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56180"
},
{
"name": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35519"
},
{
"name": "phpgroupware-csvimport-info-disclosure(51921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51921"
},
{
"name": "56177",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56177"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/csv_import.php?r1=15464\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/csv_import.php?r1=15464\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php?r1=14819\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/addressbook/inc/class.uiXport.inc.php?r1=14819\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4415",
"datePublished": "2009-12-24T16:00:00",
"dateReserved": "2009-12-24T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4414 (GCVE-0-2009-4414)
Vulnerability from nvd – Published: 2009-12-24 16:00 – Updated: 2024-08-07 07:01
Summary
SQL injection vulnerability in phpgwapi/inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "56178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/56178"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35519"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php?r1=14407\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-login-sql-injection(51922)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51922"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "56178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/56178"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35519"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php?r1=14407\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-login-sql-injection(51922)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51922"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "56178",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56178"
},
{
"name": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35519"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php?r1=14407\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/inc/class.auth_sql.inc.php?r1=14407\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "phpgroupware-login-sql-injection(51922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51922"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4414",
"datePublished": "2009-12-24T16:00:00",
"dateReserved": "2009-12-24T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4416 (GCVE-0-2009-4416)
Vulnerability from nvd – Published: 2009-12-24 16:00 – Updated: 2024-08-07 07:01
Summary
Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw_" sequence.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:01:20.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35519"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch"
},
{
"name": "phpgroupware-query-xss(51923)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51923"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"name": "56179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/56179"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the \"phpgw_\" sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35761",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35761"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35519"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch"
},
{
"name": "phpgroupware-query-xss(51923)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51923"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"name": "56179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/56179"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the \"phpgw_\" sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35761"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/phpgwapi/doc/CHANGELOG?r1=17045\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/branches/Version-0_9_16-branch/login.php?r1=19063\u0026r2=19117\u0026pathrev=19117\u0026sortby=date\u0026root=phpgroupware"
},
{
"name": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc?view=rev\u0026root=phpgroupware\u0026sortby=date\u0026revision=19117"
},
{
"name": "35519",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35519"
},
{
"name": "http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch",
"refsource": "MISC",
"url": "http://kambing.ui.ac.id/gentoo-portage/www-apps/phpgroupware/files/phpgroupware-SA35519.patch"
},
{
"name": "phpgroupware-query-xss(51923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51923"
},
{
"name": "[oss-security] 20091220 CVE request: phpgroupware",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/20/1"
},
{
"name": "56179",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56179"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4416",
"datePublished": "2009-12-24T16:00:00",
"dateReserved": "2009-12-24T00:00:00",
"dateUpdated": "2024-08-07T07:01:20.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4458 (GCVE-0-2006-4458)
Vulnerability from nvd – Published: 2006-08-31 10:00 – Updated: 2024-08-07 19:14
Summary
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:46.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19751"
},
{
"name": "ADV-2006-3414",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3414"
},
{
"name": "2270",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2270"
},
{
"name": "phpgroupware-class-file-include(28627)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28627"
},
{
"name": "21687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21687"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19751"
},
{
"name": "ADV-2006-3414",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3414"
},
{
"name": "2270",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2270"
},
{
"name": "phpgroupware-class-file-include(28627)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28627"
},
{
"name": "21687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21687"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19751"
},
{
"name": "ADV-2006-3414",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3414"
},
{
"name": "2270",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2270"
},
{
"name": "phpgroupware-class-file-include(28627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28627"
},
{
"name": "21687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21687"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4458",
"datePublished": "2006-08-31T10:00:00",
"dateReserved": "2006-08-30T00:00:00",
"dateUpdated": "2024-08-07T19:14:46.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2573 (GCVE-0-2004-2573)
Vulnerability from nvd – Published: 2005-11-28 23:00 – Updated: 2024-08-08 01:29
Summary
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12074",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12074"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7599"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12074",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12074"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7599",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7599"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12074"
},
{
"name": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7599",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7599"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2573",
"datePublished": "2005-11-28T23:00:00",
"dateReserved": "2005-11-28T00:00:00",
"dateUpdated": "2024-08-08T01:29:14.085Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2575 (GCVE-0-2004-2575)
Vulnerability from nvd – Published: 2005-11-28 23:00 – Updated: 2024-09-17 01:40
Summary
phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7602"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7604"
},
{
"name": "7601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7601"
},
{
"name": "7603",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7603"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-28T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7602"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7604",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7604"
},
{
"name": "7601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7601"
},
{
"name": "7603",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7603"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7602"
},
{
"name": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "7604",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7604"
},
{
"name": "7601",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7601"
},
{
"name": "7603",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7603"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2575",
"datePublished": "2005-11-28T23:00:00Z",
"dateReserved": "2005-11-28T00:00:00Z",
"dateUpdated": "2024-09-17T01:40:57.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2574 (GCVE-0-2004-2574)
Vulnerability from nvd – Published: 2005-11-28 23:00 – Updated: 2024-09-17 02:52
Summary
Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "12082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12082"
},
{
"name": "7600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7600"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-28T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "12082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12082"
},
{
"name": "7600",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7600"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7478"
},
{
"name": "12082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12082"
},
{
"name": "7600",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7600"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2574",
"datePublished": "2005-11-28T23:00:00Z",
"dateReserved": "2005-11-28T00:00:00Z",
"dateUpdated": "2024-09-17T02:52:29.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2577 (GCVE-0-2004-2577)
Vulnerability from nvd – Published: 2005-11-28 23:00 – Updated: 2024-09-16 20:47
Summary
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7618",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7618"
},
{
"name": "12237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12237"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users\u0027 home directories that lack .htaccess files, and possibly has other unknown impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-28T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7618",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7618"
},
{
"name": "12237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12237"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7227"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users\u0027 home directories that lack .htaccess files, and possibly has other unknown impacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7618",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7618"
},
{
"name": "12237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12237"
},
{
"name": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7227",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=7227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2577",
"datePublished": "2005-11-28T23:00:00Z",
"dateReserved": "2005-11-28T00:00:00Z",
"dateUpdated": "2024-09-16T20:47:26.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2576 (GCVE-0-2004-2576)
Vulnerability from nvd – Published: 2005-11-28 23:00 – Updated: 2024-08-08 01:29
Summary
class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "7617",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7617"
},
{
"name": "phpgroupware-classvfsdavinc-security-bypass(19195)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19195"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=8359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users\u0027 home-directory files, which allows remote attackers to obtain sensitive information from these files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "7617",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7617"
},
{
"name": "phpgroupware-classvfsdavinc-security-bypass(19195)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19195"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=8359"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users\u0027 home-directory files, which allows remote attackers to obtain sensitive information from these files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7617",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7617"
},
{
"name": "phpgroupware-classvfsdavinc-security-bypass(19195)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19195"
},
{
"name": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=8359",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/bugs/?func=detailitem\u0026item_id=8359"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2576",
"datePublished": "2005-11-28T23:00:00",
"dateReserved": "2005-11-28T00:00:00",
"dateUpdated": "2024-08-08T01:29:14.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2578 (GCVE-0-2004-2578)
Vulnerability from nvd – Published: 2005-11-28 23:00 – Updated: 2024-08-08 01:29
Summary
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
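| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/10895 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/8354 | vdb-entry, x_refsource_OSVDB |
| http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/ | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16970 | vdb-entry, x_refsource_XF |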
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:14.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10895",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10895"
},
{
"name": "8354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/8354"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/"
},
{
"name": "phpgroupware-plaintext-password(16970)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16970"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10895",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10895"
},
{
"name": "8354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/8354"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/"
},
{
"name": "phpgroupware-plaintext-password(16970)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16970"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10895"
},
{
"name": "8354",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8354"
},
{
"name": "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/"
},
{
"name": "phpgroupware-plaintext-password(16970)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16970"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2578",
"datePublished": "2005-11-28T23:00:00",
"dateReserved": "2005-11-28T00:00:00",
"dateUpdated": "2024-08-08T01:29:14.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}