Filtered by vendor Phpgroupware Subscriptions

Search

Switch to Advanced Search (Beta)
Total 27 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-2407 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.
CVE-2004-0016 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.
CVE-2004-2578 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.
CVE-2004-1385 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
CVE-2006-4458 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
CVE-2003-0657 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
CVE-2004-0017 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.