Filtered by vendor Phpgroupware
Subscriptions
Filtered by product Phpgroupware
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2578 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords. | ||||
| CVE-2001-0043 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program. | ||||
| CVE-2005-2761 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message. | ||||
| CVE-2002-0536 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack. | ||||
| CVE-2003-0599 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | ||||
| CVE-2003-0657 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. | ||||
| CVE-2004-0016 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files. | ||||