All the vulnerabilities related to egroupware - egroupware
cve-2008-2041
Vulnerability from cvelistv5
Published
2008-04-30 15:00
Modified
2024-08-07 08:49
Summary
Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28817 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42141 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/30073 | third-party-advisory, x_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml | vendor-advisory, x_refsource_GENTOO |
| http://www.egroupware.org/news | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:49:56.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "28817", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28817" }, { "name": "egroupware-webserver-unspecified(42141)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42141" }, { "name": "30073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30073" }, { "name": "GLSA-200805-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/news" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and \"grave\" impact when the web server has write access to a directory under the web document root." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "28817", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28817" }, { "name": "egroupware-webserver-unspecified(42141)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42141" }, { "name": "30073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30073" }, { "name": "GLSA-200805-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/news" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and \"grave\" impact when the web server has write access to a directory under the web document root." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "28817", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28817" }, { "name": "egroupware-webserver-unspecified(42141)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42141" }, { "name": "30073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30073" }, { "name": "GLSA-200805-04", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml" }, { "name": "http://www.egroupware.org/news", "refsource": "CONFIRM", "url": "http://www.egroupware.org/news" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2041", "datePublished": "2008-04-30T15:00:00", "dateReserved": "2008-04-30T00:00:00", "dateUpdated": "2024-08-07T08:49:56.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4951
Vulnerability from cvelistv5
Published
2012-08-31 22:00
Modified
2024-09-16 18:19
Summary
Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter.
References
| URL | Tags |
|---|---|
| http://www.egroupware.org/epl-changelog | x_refsource_CONFIRM |
| http://www.egroupware.org/changelog | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/52770 | vdb-entry, x_refsource_BID |
| http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178 | x_refsource_MISC |
| http://comments.gmane.org/gmane.comp.web.egroupware.german/33144 | mailing-list, x_refsource_MLIST |
| http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/03/29/1 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/03/30/3 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/epl-changelog" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52770" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web 
sites and conduct phishing attacks via a URL in the forward parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-08-31T22:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/epl-changelog" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52770" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4951", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { 
"lang": "eng", "value": "Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.egroupware.org/epl-changelog", "refsource": "CONFIRM", "url": "http://www.egroupware.org/epl-changelog" }, { "name": "http://www.egroupware.org/changelog", "refsource": "CONFIRM", "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52770" }, { "name": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178", "refsource": "MISC", "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "refsource": "MLIST", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "name": "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": 
"CVE-2011-4951", "datePublished": "2012-08-31T22:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-16T18:19:43.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1467
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Summary
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.
References
| URL | Tags |
|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml | vendor-advisory, x_refsource_GENTOO |
| http://www.securityfocus.com/bid/11013 | vdb-entry, x_refsource_BID |
| http://sourceforge.net/forum/forum.php?forum_id=401807 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/372603 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17078 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:23.833Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200409-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml" }, { "name": "11013", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11013" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=401807" }, { "name": "20040822 Multiple Cross Site Scripting Vulnerabilities in eGroupWare", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/372603" }, { "name": "egroupware-mult-modules-xss(17078)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17078" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200409-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml" }, { "name": "11013", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11013" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/forum/forum.php?forum_id=401807" }, { "name": "20040822 Multiple Cross Site Scripting Vulnerabilities in eGroupWare", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/372603" }, { "name": "egroupware-mult-modules-xss(17078)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17078" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1467", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200409-06", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml" }, { "name": "11013", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11013" }, { "name": "http://sourceforge.net/forum/forum.php?forum_id=401807", "refsource": "CONFIRM", "url": "http://sourceforge.net/forum/forum.php?forum_id=401807" }, { "name": "20040822 Multiple Cross Site Scripting Vulnerabilities in eGroupWare", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/372603" }, { "name": "egroupware-mult-modules-xss(17078)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17078" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1467", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2024-08-08T00:53:23.833Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3155
Vulnerability from cvelistv5
Published
2007-06-11 22:00
Modified
2024-08-07 14:05
Summary
Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier.
References
| URL | Tags |
|---|---|
| http://osvdb.org/37188 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34914 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/25454 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24378 | vdb-entry, x_refsource_BID |
| http://sourceforge.net/project/shownotes.php?release_id=513749&group_id=78745 | x_refsource_CONFIRM |
| http://sourceforge.net/project/shownotes.php?release_id=513311&group_id=78745 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:05:29.263Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37188", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37188" }, { "name": "egroupware-adodb-unspecified(34914)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34914" }, { "name": "25454", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25454" }, { "name": "24378", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24378" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37188", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37188" }, { "name": "egroupware-adodb-unspecified(34914)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34914" }, { "name": "25454", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25454" }, { "name": "24378", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24378" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3155", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37188", "refsource": "OSVDB", "url": "http://osvdb.org/37188" }, { "name": "egroupware-adodb-unspecified(34914)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34914" }, { "name": "25454", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25454" }, { "name": "24378", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24378" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3155", "datePublished": "2007-06-11T22:00:00", "dateReserved": "2007-06-11T00:00:00", "dateUpdated": "2024-08-07T14:05:29.263Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4949
Vulnerability from cvelistv5
Published
2012-08-31 22:00
Modified
2024-09-17 03:48
Summary
SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
| URL | Tags |
|---|---|
| http://www.egroupware.org/epl-changelog | x_refsource_CONFIRM |
| http://www.autosectools.com/Advisory/eGroupware-1.8.001-SQL-Injection-179 | x_refsource_MISC |
| http://www.egroupware.org/changelog | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/52770 | vdb-entry, x_refsource_BID |
| http://comments.gmane.org/gmane.comp.web.egroupware.german/33144 | mailing-list, x_refsource_MLIST |
| http://packetstormsecurity.org/files/100179/eGroupware-1.8.001-SQL-Injection.html | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/03/29/1 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2012/03/30/3 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/epl-changelog" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-SQL-Injection-179" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52770" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/files/100179/eGroupware-1.8.001-SQL-Injection.html" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands 
via the id parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-08-31T22:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/epl-changelog" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-SQL-Injection-179" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52770" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/files/100179/eGroupware-1.8.001-SQL-Injection.html" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4949", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in 
phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.egroupware.org/epl-changelog", "refsource": "CONFIRM", "url": "http://www.egroupware.org/epl-changelog" }, { "name": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-SQL-Injection-179", "refsource": "MISC", "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-SQL-Injection-179" }, { "name": "http://www.egroupware.org/changelog", "refsource": "CONFIRM", "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52770" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "refsource": "MLIST", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "name": "http://packetstormsecurity.org/files/100179/eGroupware-1.8.001-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/100179/eGroupware-1.8.001-SQL-Injection.html" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4949", "datePublished": "2012-08-31T22:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": 
"2024-09-17T03:48:18.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3154
Vulnerability from cvelistv5
Published
2007-06-11 22:00
Modified
2024-08-07 14:05
Summary
Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34913 | vdb-entry, x_refsource_XF |
| http://osvdb.org/37187 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/25454 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/24378 | vdb-entry, x_refsource_BID |
| http://sourceforge.net/project/shownotes.php?release_id=513749&group_id=78745 | x_refsource_CONFIRM |
| http://www.walterzorn.com/tooltip/history.htm | x_refsource_MISC |
| http://sourceforge.net/project/shownotes.php?release_id=513311&group_id=78745 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:05:28.978Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "egroupware-wztooltips-unspecified(34913)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34913" }, { "name": "37187", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37187" }, { "name": "25454", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25454" }, { "name": "24378", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24378" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.walterzorn.com/tooltip/history.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "egroupware-wztooltips-unspecified(34913)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34913" }, { "name": "37187", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37187" }, { "name": "25454", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25454" }, { "name": "24378", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24378" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.walterzorn.com/tooltip/history.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "egroupware-wztooltips-unspecified(34913)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34913" }, { "name": "37187", "refsource": "OSVDB", "url": "http://osvdb.org/37187" }, { "name": "25454", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25454" }, { "name": "24378", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24378" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745" }, { "name": "http://www.walterzorn.com/tooltip/history.htm", "refsource": "MISC", "url": "http://www.walterzorn.com/tooltip/history.htm" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3154", "datePublished": "2007-06-11T22:00:00", "dateReserved": "2007-06-11T00:00:00", "dateUpdated": "2024-08-07T14:05:28.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4950
Vulnerability from cvelistv5
Published
2012-08-31 22:00
Modified
2024-09-16 17:47
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.egroupware.org/epl-changelog | x_refsource_CONFIRM | |
http://packetstormsecurity.org/files/100180/eGroupware-1.8.001-Cross-Site-Scripting.html | x_refsource_MISC | |
http://www.egroupware.org/changelog | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/52770 | vdb-entry, x_refsource_BID | |
http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178 | x_refsource_MISC | |
http://comments.gmane.org/gmane.comp.web.egroupware.german/33144 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2012/03/29/1 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2012/03/30/3 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/epl-changelog" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/files/100180/eGroupware-1.8.001-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52770" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary 
web script or HTML via the lang parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-08-31T22:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/epl-changelog" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/files/100180/eGroupware-1.8.001-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52770" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4950", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": 
"Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.egroupware.org/epl-changelog", "refsource": "CONFIRM", "url": "http://www.egroupware.org/epl-changelog" }, { "name": "http://packetstormsecurity.org/files/100180/eGroupware-1.8.001-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/100180/eGroupware-1.8.001-Cross-Site-Scripting.html" }, { "name": "http://www.egroupware.org/changelog", "refsource": "CONFIRM", "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52770" }, { "name": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178", "refsource": "MISC", "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "refsource": "MLIST", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4950", "datePublished": "2012-08-31T22:00:00Z", 
"dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-16T17:47:58.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2211
Vulnerability from cvelistv5
Published
2012-11-22 11:00
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: some of these details are obtained from third party information.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/48703 | third-party-advisory, x_refsource_SECUNIA | |
http://www.egroupware.org/changelog | x_refsource_CONFIRM | |
http://packetstormsecurity.org/files/111626/egroupware-xss.txt | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48703", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48703" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/changelog" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/files/111626/egroupware-xss.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-11-22T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "48703", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48703" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/changelog" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/files/111626/egroupware-xss.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2211", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "48703", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48703" }, { "name": "http://www.egroupware.org/changelog", "refsource": "CONFIRM", "url": "http://www.egroupware.org/changelog" }, { "name": "http://packetstormsecurity.org/files/111626/egroupware-xss.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/111626/egroupware-xss.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2211", "datePublished": "2012-11-22T11:00:00Z", "dateReserved": "2012-04-06T00:00:00Z", "dateUpdated": "2024-09-16T19:47:02.012Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38328
Vulnerability from cvelistv5
Published
2023-10-26 00:00
Modified
2024-09-10 16:17
Severity ?
EPSS score ?
Summary
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.gruppotim.it/it/footer/red-team.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38328", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T16:17:41.467494Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T16:17:54.421Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-26T21:31:46.581910", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.gruppotim.it/it/footer/red-team.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38328", "datePublished": "2023-10-26T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-09-10T16:17:54.421Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-40614
Vulnerability from cvelistv5
Published
2024-07-07 00:00
Modified
2024-11-21 16:59
Severity ?
EPSS score ?
Summary
EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-40614", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-22T19:57:01.250122Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-21T16:59:40.009Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://syss.de" }, { "tags": [ "x_transferred" ], "url": "https://github.com/EGroupware/egroupware/releases/tag/23.1.20240624" }, { "tags": [ "x_transferred" ], "url": "https://help.egroupware.org/t/egroupware-maintenance-security-release-23-1-20240624/78438" }, { "tags": [ "x_transferred" ], "url": "https://github.com/EGroupware/egroupware/compare/23.1.20240430...23.1.20240624" }, { "tags": [ "x_transferred" ], "url": "https://github.com/EGroupware/egroupware/commit/553829d30cc2ccdc0e5a8c5a0e16fa03a3399a3f" }, { "tags": [ "x_transferred" ], "url": "https://www.syss.de/pentest-blog/sql-injection-schwachstelle-in-egroupware-syss-2024-047" }, { "tags": [ "x_transferred" ], "url": 
"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-047.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\\Api\\Etemplate\\Widget\\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T12:13:47.520237", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://syss.de" }, { "url": "https://github.com/EGroupware/egroupware/releases/tag/23.1.20240624" }, { "url": "https://help.egroupware.org/t/egroupware-maintenance-security-release-23-1-20240624/78438" }, { "url": "https://github.com/EGroupware/egroupware/compare/23.1.20240430...23.1.20240624" }, { "url": "https://github.com/EGroupware/egroupware/commit/553829d30cc2ccdc0e5a8c5a0e16fa03a3399a3f" }, { "url": "https://www.syss.de/pentest-blog/sql-injection-schwachstelle-in-egroupware-syss-2024-047" }, { "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-047.txt" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-40614", "datePublished": "2024-07-07T00:00:00", "dateReserved": "2024-07-07T00:00:00", "dateUpdated": "2024-11-21T16:59:40.009Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14920
Vulnerability from cvelistv5
Published
2017-09-29 07:00
Modified
2024-08-05 19:42
Severity ?
EPSS score ?
Summary
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
References
▼ | URL | Tags |
---|---|---|
http://openwall.com/lists/oss-security/2017/09/28/12 | x_refsource_MISC | |
https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:42:21.679Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/12" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-29T06:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/12" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14920", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to 
inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://openwall.com/lists/oss-security/2017/09/28/12", "refsource": "MISC", "url": "http://openwall.com/lists/oss-security/2017/09/28/12" }, { "name": "https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f", "refsource": "MISC", "url": "https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14920", "datePublished": "2017-09-29T07:00:00", "dateReserved": "2017-09-29T00:00:00", "dateUpdated": "2024-08-05T19:42:21.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5091
Vulnerability from cvelistv5
Published
2007-09-26 20:00
Modified
2024-08-07 15:17
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/25800 | vdb-entry, x_refsource_BID | |
http://www.egroupware.org/viewvc/branches/1.4/admin/inc/class.uicategories.inc.php?r1=23611&r2=24443&pathrev=24443 | x_refsource_CONFIRM | |
http://www.egroupware.org/news | x_refsource_CONFIRM | |
http://secunia.com/advisories/26944 | third-party-advisory, x_refsource_SECUNIA | |
http://www.egroupware.org/viewvc/branches/1.4/preferences/inc/class.uicategories.inc.php?r1=23741&r2=24443&pathrev=24443 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:28.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25800", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25800" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/viewvc/branches/1.4/admin/inc/class.uicategories.inc.php?r1=23611\u0026r2=24443\u0026pathrev=24443" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/news" }, { "name": "26944", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26944" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/viewvc/branches/1.4/preferences/inc/class.uicategories.inc.php?r1=23741\u0026r2=24443\u0026pathrev=24443" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-10-02T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25800", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25800" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/viewvc/branches/1.4/admin/inc/class.uicategories.inc.php?r1=23611\u0026r2=24443\u0026pathrev=24443" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/news" }, { "name": "26944", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26944" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/viewvc/branches/1.4/preferences/inc/class.uicategories.inc.php?r1=23741\u0026r2=24443\u0026pathrev=24443" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5091", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25800", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25800" }, { "name": "http://www.egroupware.org/viewvc/branches/1.4/admin/inc/class.uicategories.inc.php?r1=23611\u0026r2=24443\u0026pathrev=24443", "refsource": "CONFIRM", "url": "http://www.egroupware.org/viewvc/branches/1.4/admin/inc/class.uicategories.inc.php?r1=23611\u0026r2=24443\u0026pathrev=24443" }, { "name": "http://www.egroupware.org/news", "refsource": "CONFIRM", "url": "http://www.egroupware.org/news" }, { "name": "26944", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26944" }, { "name": "http://www.egroupware.org/viewvc/branches/1.4/preferences/inc/class.uicategories.inc.php?r1=23741\u0026r2=24443\u0026pathrev=24443", "refsource": "CONFIRM", "url": "http://www.egroupware.org/viewvc/branches/1.4/preferences/inc/class.uicategories.inc.php?r1=23741\u0026r2=24443\u0026pathrev=24443" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5091", "datePublished": "2007-09-26T20:00:00", "dateReserved": "2007-09-26T00:00:00", "dateUpdated": "2024-08-07T15:17:28.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1502
Vulnerability from cvelistv5
Published
2008-03-25 19:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:24:41.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29491", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29491" }, { "name": "31017", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31017" }, { "name": "32400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32400" }, { "name": "SUSE-SR:2008:015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html" }, { "name": "32446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32446" }, { "name": "DSA-1871", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1871" }, { "name": "30986", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30986" }, { "name": "egroupware-badprotocolonce-security-bypass(41435)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41435" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625\u0026r2=25110\u0026pathrev=25110" }, { "name": "FEDORA-2008-6226", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html" }, { "name": "31018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31018" }, { "name": "USN-658-1", "tags": [ "vendor-advisory", 
"x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/658-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5" }, { "name": "[oss-security] 20080708 Re: CVE request: moodle xss in \u003c 1.8.5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/07/08/14" }, { "name": "30073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30073" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/changelog" }, { "name": "28424", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28424" }, { "name": "GLSA-200805-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml" }, { "name": "ADV-2008-0989", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0989/references" }, { "name": "DSA-1691", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1691" }, { "name": "31167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31167" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29491", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29491" }, { "name": "31017", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31017" }, { "name": "32400", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32400" }, { "name": "SUSE-SR:2008:015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html" }, { "name": "32446", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32446" }, { "name": "DSA-1871", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1871" }, { "name": "30986", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30986" }, { "name": "egroupware-badprotocolonce-security-bypass(41435)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41435" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625\u0026r2=25110\u0026pathrev=25110" }, { "name": "FEDORA-2008-6226", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html" }, { "name": "31018", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31018" }, { "name": "USN-658-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/658-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5" }, { "name": "[oss-security] 20080708 Re: CVE request: moodle xss in \u003c 1.8.5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/07/08/14" }, { "name": "30073", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30073" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/changelog" }, { "name": "28424", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28424" }, { "name": "GLSA-200805-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml" }, { "name": "ADV-2008-0989", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0989/references" }, { "name": "DSA-1691", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1691" }, { "name": "31167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31167" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1502", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29491", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29491" }, { "name": "31017", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31017" }, { "name": "32400", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32400" }, { "name": "SUSE-SR:2008:015", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html" }, { "name": "32446", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32446" }, { "name": "DSA-1871", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1871" }, { "name": "30986", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30986" }, { "name": "egroupware-badprotocolonce-security-bypass(41435)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41435" }, { "name": "http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625\u0026r2=25110\u0026pathrev=25110", "refsource": "MISC", "url": "http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625\u0026r2=25110\u0026pathrev=25110" }, { "name": "FEDORA-2008-6226", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html" }, { "name": "31018", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31018" }, { "name": "USN-658-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/658-1/" }, { "name": "http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5", "refsource": "CONFIRM", "url": "http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5" }, { "name": "[oss-security] 20080708 Re: CVE request: moodle xss in \u003c 1.8.5", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/07/08/14" }, { "name": "30073", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/30073" }, { "name": "http://www.egroupware.org/changelog", "refsource": "CONFIRM", "url": "http://www.egroupware.org/changelog" }, { "name": "28424", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28424" }, { "name": "GLSA-200805-04", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml" }, { "name": "ADV-2008-0989", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0989/references" }, { "name": "DSA-1691", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1691" }, { "name": "31167", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31167" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1502", "datePublished": "2008-03-25T19:00:00", "dateReserved": "2008-03-25T00:00:00", "dateUpdated": "2024-08-07T08:24:41.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2027
Vulnerability from cvelistv5
Published
2015-03-31 14:00
Modified
2024-08-06 09:58
Severity ?
EPSS score ?
Summary
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php.
References
URL | Tags | |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2015:087 | vendor-advisory, x_refsource_MANDRIVA | |
http://openwall.com/lists/oss-security/2014/02/19/4 | mailing-list, x_refsource_MLIST | |
http://openwall.com/lists/oss-security/2014/02/19/10 | mailing-list, x_refsource_MLIST | |
http://sourceforge.net/projects/egroupware/files/eGroupware-1.8/README/download | x_refsource_CONFIRM | |
http://advisories.mageia.org/MGASA-2014-0116.html | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201711-12 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:58:16.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2015:087", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "name": "[oss-security] 20140219 Re: CVE request: remote code execution in egroupware \u003c= 1.8.005", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/02/19/4" }, { "name": "[oss-security] 20140219 Re: CVE request: remote code execution in egroupware \u003c= 1.8.005", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2014/02/19/10" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/projects/egroupware/files/eGroupware-1.8/README/download" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0116.html" }, { "name": "GLSA-201711-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201711-12" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-19T00:00:00", "descriptions": [ { "lang": "en", "value": "eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-13T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2015:087", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "name": "[oss-security] 20140219 Re: CVE request: remote code execution in egroupware \u003c= 1.8.005", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/02/19/4" }, { "name": "[oss-security] 20140219 Re: CVE request: remote code execution in egroupware \u003c= 1.8.005", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2014/02/19/10" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/projects/egroupware/files/eGroupware-1.8/README/download" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0116.html" }, { "name": "GLSA-201711-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201711-12" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2027", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans 
parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2015:087", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "name": "[oss-security] 20140219 Re: CVE request: remote code execution in egroupware \u003c= 1.8.005", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/02/19/4" }, { "name": "[oss-security] 20140219 Re: CVE request: remote code execution in egroupware \u003c= 1.8.005", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/02/19/10" }, { "name": "http://sourceforge.net/projects/egroupware/files/eGroupware-1.8/README/download", "refsource": "CONFIRM", "url": "http://sourceforge.net/projects/egroupware/files/eGroupware-1.8/README/download" }, { "name": "http://advisories.mageia.org/MGASA-2014-0116.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0116.html" }, { "name": "GLSA-201711-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201711-12" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2027", "datePublished": "2015-03-31T14:00:00", "dateReserved": "2014-02-19T00:00:00", "dateUpdated": "2024-08-06T09:58:16.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4948
Vulnerability from cvelistv5
Published
2012-08-31 22:00
Modified
2024-09-16 20:21
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.egroupware.org/epl-changelog | x_refsource_CONFIRM | |
http://www.autosectools.com/Advisory/eGroupware-1.8.001.20110421-Local-File-Inclusion-224 | x_refsource_MISC | |
http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html | x_refsource_MISC | |
http://www.egroupware.org/changelog | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/52770 | vdb-entry, x_refsource_BID | |
http://comments.gmane.org/gmane.comp.web.egroupware.german/33144 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2012/03/29/1 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2012/03/30/3 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.147Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/epl-changelog" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001.20110421-Local-File-Inclusion-224" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52770" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a 
..%2f (encoded dot dot slash) in the type parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-08-31T22:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/epl-changelog" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001.20110421-Local-File-Inclusion-224" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52770" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4948", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.egroupware.org/epl-changelog", "refsource": "CONFIRM", "url": "http://www.egroupware.org/epl-changelog" }, { "name": "http://www.autosectools.com/Advisory/eGroupware-1.8.001.20110421-Local-File-Inclusion-224", "refsource": "MISC", "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001.20110421-Local-File-Inclusion-224" }, { "name": "http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html" }, { "name": "http://www.egroupware.org/changelog", "refsource": "CONFIRM", "url": "http://www.egroupware.org/changelog" }, { "name": "52770", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52770" }, { "name": "[egroupware-german] 20110805 new EGroupware SECURITY \u0026 maintenance release 1.8.001.20110805", "refsource": "MLIST", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "name": "[oss-security] 20120328 Re: CVE request: egroupware before 1.8.002 various security issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "name": "[oss-security] 20120329 Re: CVE request: egroupware before 1.8.002 various security issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4948", "datePublished": 
"2012-08-31T22:00:00Z", "dateReserved": "2011-12-23T00:00:00Z", "dateUpdated": "2024-09-16T20:21:15.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3314
Vulnerability from cvelistv5
Published
2010-09-22 18:00
Modified
2024-09-17 02:46
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.exploit-db.com/exploits/11777/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.egroupware.org/news?item=93 | x_refsource_CONFIRM | |
http://www.debian.org/security/2010/dsa-2013 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2010/09/21/7 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:03:18.968Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11777", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/11777/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/news?item=93" }, { "name": "DSA-2013", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2013" }, { "name": "[oss-security] 20100921 Re: CVE request: egroupware remote code and xss", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/21/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-09-22T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "11777", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/11777/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/news?item=93" }, { "name": "DSA-2013", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2013" }, { "name": "[oss-security] 20100921 Re: CVE request: egroupware remote code and xss", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/21/7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-3314", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11777", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/11777/" }, { "name": "http://www.egroupware.org/news?item=93", "refsource": "CONFIRM", "url": "http://www.egroupware.org/news?item=93" }, { "name": "DSA-2013", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2013" }, { "name": "[oss-security] 20100921 Re: CVE request: egroupware remote code and xss", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/09/21/7" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3314", "datePublished": "2010-09-22T18:00:00Z", "dateReserved": "2010-09-13T00:00:00Z", "dateUpdated": "2024-09-17T02:46:30.217Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1202
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-07 21:44
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.
References
▼ | URL | Tags |
---|---|---|
http://sourceforge.net/project/shownotes.php?release_id=320768 | x_refsource_CONFIRM | |
http://www.osvdb.org/15751 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/13212 | vdb-entry, x_refsource_BID | |
http://www.gulftech.org/?node=research&article_id=00069-04202005 | x_refsource_MISC | |
http://security.gentoo.org/glsa/glsa-200504-24.xml | vendor-advisory, x_refsource_GENTOO | |
http://marc.info/?l=bugtraq&m=111401760125555&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/14982 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:05.403Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=320768" }, { "name": "15751", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/15751" }, { "name": "13212", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13212" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00069-04202005" }, { "name": "GLSA-200504-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200504-24.xml" }, { "name": "20050420 Multiple eGroupware Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111401760125555\u0026w=2" }, { "name": "14982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14982" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=320768" }, { "name": "15751", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/15751" }, { "name": "13212", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13212" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00069-04202005" }, { "name": "GLSA-200504-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200504-24.xml" }, { "name": "20050420 Multiple eGroupware Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111401760125555\u0026w=2" }, { "name": "14982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14982" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1202", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/project/shownotes.php?release_id=320768", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=320768" }, { "name": "15751", "refsource": "OSVDB", "url": "http://www.osvdb.org/15751" }, { "name": "13212", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13212" }, { "name": "http://www.gulftech.org/?node=research\u0026article_id=00069-04202005", "refsource": "MISC", "url": "http://www.gulftech.org/?node=research\u0026article_id=00069-04202005" }, { "name": "GLSA-200504-24", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200504-24.xml" }, { "name": "20050420 Multiple eGroupware Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111401760125555\u0026w=2" }, { "name": "14982", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14982" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1202", "datePublished": "2005-04-21T04:00:00", "dateReserved": "2005-04-21T00:00:00", "dateUpdated": "2024-08-07T21:44:05.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1129
Vulnerability from cvelistv5
Published
2005-04-16 04:00
Modified
2024-08-07 21:35
Severity ?
EPSS score ?
Summary
eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/14940 | third-party-advisory, x_refsource_SECUNIA | |
http://archives.neohapsis.com/archives/bugtraq/2005-04/0157.html | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/20088 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/13137 | vdb-entry, x_refsource_BID | |
http://www.osvdb.org/15499 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:35:59.957Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "14940", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14940" }, { "name": "20050412 eGroupWare Leaks Files", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0157.html" }, { "name": "egroupware-email-information-disclosure(20088)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20088" }, { "name": "13137", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13137" }, { "name": "15499", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/15499" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "14940", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14940" }, { "name": "20050412 eGroupWare Leaks Files", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0157.html" }, { "name": "egroupware-email-information-disclosure(20088)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20088" }, { "name": "13137", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13137" }, { "name": "15499", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/15499" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1129", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "14940", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14940" }, { "name": "20050412 eGroupWare Leaks Files", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0157.html" }, { "name": "egroupware-email-information-disclosure(20088)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20088" }, { "name": "13137", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13137" }, { "name": "15499", "refsource": "OSVDB", "url": "http://www.osvdb.org/15499" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1129", "datePublished": "2005-04-16T04:00:00", "dateReserved": "2005-04-16T00:00:00", "dateUpdated": "2024-08-07T21:35:59.957Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3313
Vulnerability from cvelistv5
Published
2010-09-22 18:00
Modified
2024-09-16 20:37
Severity ?
EPSS score ?
Summary
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
References
▼ | URL | Tags |
---|---|---|
http://www.exploit-db.com/exploits/11777/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.egroupware.org/news?item=93 | x_refsource_CONFIRM | |
http://www.debian.org/security/2010/dsa-2013 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2010/09/21/7 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:03:18.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11777", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/11777/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/news?item=93" }, { "name": "DSA-2013", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2013" }, { "name": "[oss-security] 20100921 Re: CVE request: egroupware remote code and xss", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/21/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-09-22T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "11777", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/11777/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/news?item=93" }, { "name": "DSA-2013", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2013" }, { "name": "[oss-security] 20100921 Re: CVE request: egroupware remote code and xss", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/09/21/7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-3313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11777", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/11777/" }, { "name": "http://www.egroupware.org/news?item=93", "refsource": "CONFIRM", "url": "http://www.egroupware.org/news?item=93" }, { "name": "DSA-2013", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2013" }, { "name": "[oss-security] 20100921 Re: CVE request: egroupware remote code and xss", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/09/21/7" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3313", "datePublished": "2010-09-22T18:00:00Z", "dateReserved": "2010-09-13T00:00:00Z", "dateUpdated": "2024-09-16T20:37:37.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1203
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-07 21:44
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.
References
▼ | URL | Tags |
---|---|---|
http://sourceforge.net/project/shownotes.php?release_id=320768 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/13212 | vdb-entry, x_refsource_BID | |
http://www.gulftech.org/?node=research&article_id=00069-04202005 | x_refsource_MISC | |
http://www.osvdb.org/15753 | vdb-entry, x_refsource_OSVDB | |
http://security.gentoo.org/glsa/glsa-200504-24.xml | vendor-advisory, x_refsource_GENTOO | |
http://marc.info/?l=bugtraq&m=111401760125555&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/14982 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:05.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=320768" }, { "name": "13212", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13212" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00069-04202005" }, { "name": "15753", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/15753" }, { "name": "GLSA-200504-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200504-24.xml" }, { "name": "20050420 Multiple eGroupware Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=111401760125555\u0026w=2" }, { "name": "14982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14982" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=320768" }, { "name": "13212", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13212" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gulftech.org/?node=research\u0026article_id=00069-04202005" }, { "name": "15753", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/15753" }, { "name": "GLSA-200504-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200504-24.xml" }, { "name": "20050420 Multiple eGroupware Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=111401760125555\u0026w=2" }, { "name": "14982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14982" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1203", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/project/shownotes.php?release_id=320768", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=320768" }, { "name": "13212", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13212" }, { "name": "http://www.gulftech.org/?node=research\u0026article_id=00069-04202005", "refsource": "MISC", "url": "http://www.gulftech.org/?node=research\u0026article_id=00069-04202005" }, { "name": "15753", "refsource": "OSVDB", "url": "http://www.osvdb.org/15753" }, { "name": "GLSA-200504-24", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200504-24.xml" }, { "name": "20050420 Multiple eGroupware Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=111401760125555\u0026w=2" }, { "name": "14982", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14982" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1203", "datePublished": "2005-04-21T04:00:00", "dateReserved": "2005-04-21T00:00:00", "dateUpdated": "2024-08-07T21:44:05.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2987
Vulnerability from cvelistv5
Published
2014-10-26 18:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988.
References
▼ | URL | Tags |
---|---|---|
http://advisories.mageia.org/MGASA-2014-0221.html | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:087 | vendor-advisory, x_refsource_MANDRIVA | |
http://secunia.com/advisories/58346 | third-party-advisory, x_refsource_SECUNIA | |
http://www.egroupware.org/forum#nabble-td3997580 | x_refsource_CONFIRM | |
https://www.htbridge.com/advisory/HTB23212 | x_refsource_MISC | |
http://www.egroupware.org/changelog | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/532103/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:28:46.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0221.html" }, { "name": "MDVSA-2015:087", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "name": "58346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58346" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/forum#nabble-td3997580" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.htbridge.com/advisory/HTB23212" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.egroupware.org/changelog" }, { "name": "20140514 CSRF and Remote Code Execution in EGroupware", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/532103/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0221.html" }, { "name": "MDVSA-2015:087", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "name": "58346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58346" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/forum#nabble-td3997580" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.htbridge.com/advisory/HTB23212" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.egroupware.org/changelog" }, { "name": "20140514 CSRF and Remote Code Execution in EGroupware", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/532103/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2987", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an 
admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://advisories.mageia.org/MGASA-2014-0221.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0221.html" }, { "name": "MDVSA-2015:087", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "name": "58346", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58346" }, { "name": "http://www.egroupware.org/forum#nabble-td3997580", "refsource": "CONFIRM", "url": "http://www.egroupware.org/forum#nabble-td3997580" }, { "name": "https://www.htbridge.com/advisory/HTB23212", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23212" }, { "name": "http://www.egroupware.org/changelog", "refsource": "CONFIRM", "url": "http://www.egroupware.org/changelog" }, { "name": "20140514 CSRF and Remote Code Execution in EGroupware", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/532103/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2987", "datePublished": "2014-10-26T18:00:00", "dateReserved": "2014-04-24T00:00:00", "dateUpdated": "2024-08-06T10:28:46.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-2988
Vulnerability from cvelistv5
Published
2014-10-27 01:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.
References
▼ | URL | Tags |
---|---|---|
http://advisories.mageia.org/MGASA-2014-0221.html | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:087 | vendor-advisory, x_refsource_MANDRIVA | |
https://www.htbridge.com/advisory/HTB23212 | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/532103/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:28:46.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0221.html" }, { "name": "MDVSA-2015:087", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.htbridge.com/advisory/HTB23212" }, { "name": "20140514 CSRF and Remote Code Execution in EGroupware", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/532103/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0221.html" }, { "name": "MDVSA-2015:087", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.htbridge.com/advisory/HTB23212" }, { "name": "20140514 CSRF and Remote Code Execution in EGroupware", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/532103/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2988", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://advisories.mageia.org/MGASA-2014-0221.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0221.html" }, { "name": "MDVSA-2015:087", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "name": "https://www.htbridge.com/advisory/HTB23212", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23212" }, { "name": "20140514 CSRF and Remote Code Execution in EGroupware", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/532103/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2988", "datePublished": "2014-10-27T01:00:00", "dateReserved": "2014-04-24T00:00:00", "dateUpdated": "2024-08-06T10:28:46.220Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2017-14920)
Published
2017-09-30 01:29
Modified
2024-11-21 03:13
Severity ?
Summary
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://openwall.com/lists/oss-security/2017/09/28/12 | Issue Tracking, Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2017/09/28/12 | Issue Tracking, Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f | Issue Tracking, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:community:*:*:*", "matchCriteriaId": "D9A5A866-ADA0-41C9-A509-057CB2FAC05B", "versionEndIncluding": "16.1.20170703", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator." }, { "lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) persistente en las versiones anteriores a 16.1.20170922 de eGroupware Community Edition permite que un atacante remoto sin autenticar inyecte c\u00f3digo JavaScript mediante la cabecera HTTP User-Agent, la cual no se gestiona correctamente durante el renderizado por parte del administrador de la aplicaci\u00f3n." } ], "id": "CVE-2017-14920", "lastModified": "2024-11-21T03:13:45.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", 
"version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-30T01:29:01.867", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/12" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://openwall.com/lists/oss-security/2017/09/28/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/EGroupware/egroupware/commit/0ececf8c78f1c3f9ba15465f53a682dd7d89529f" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Summary
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | 1.0 | |
egroupware | egroupware | 1.0.1 | |
egroupware | egroupware | 1.0.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E440ECF0-C87D-432B-91D6-C1D61FF780C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "598C8726-BD8E-41F5-8A83-E06CF6F24C8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E91357C7-8028-4870-AEDB-DACEC0EE1E70", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module." 
} ], "id": "CVE-2004-1467", "lastModified": "2024-11-20T23:50:57.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://sourceforge.net/forum/forum.php?forum_id=401807" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/372603" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11013" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/forum/forum.php?forum_id=401807" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/372603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17078" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Summary
Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | 1.0 | |
egroupware | egroupware | 1.0.1 | |
egroupware | egroupware | 1.0.3 | |
egroupware | egroupware | 1.0.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E440ECF0-C87D-432B-91D6-C1D61FF780C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "598C8726-BD8E-41F5-8A83-E06CF6F24C8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E91357C7-8028-4870-AEDB-DACEC0EE1E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7CE992D5-371B-466C-8A08-884B146694D8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter." 
} ], "id": "CVE-2005-1202", "lastModified": "2024-11-20T23:56:50.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111401760125555\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/14982" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://security.gentoo.org/glsa/glsa-200504-24.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=320768" }, { "source": "cve@mitre.org", "url": "http://www.gulftech.org/?node=research\u0026article_id=00069-04202005" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/15751" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/13212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111401760125555\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/14982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://security.gentoo.org/glsa/glsa-200504-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=320768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.gulftech.org/?node=research\u0026article_id=00069-04202005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/15751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/13212" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-09-22 19:00
Modified
2024-11-21 01:18
Summary
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | 1.4.001 | |
egroupware | egroupware | 1.4.001\+.002 | |
egroupware | egroupware | 1.4.002 | |
egroupware | egroupware | 1.6.001 | |
egroupware | egroupware | 1.6.001\+.002 | |
egroupware | egroupware | 1.6.002 | |
egroupware | egroupware | 9.1 | |
egroupware | egroupware | 9.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:1.4.001:*:*:*:*:*:*:*", "matchCriteriaId": "F22F0392-6D7A-4133-83AA-C14F1B69A167", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.4.001\\+.002:*:*:*:*:*:*:*", "matchCriteriaId": "65987EB6-F4D8-47C9-B95F-DEA15E94A3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.4.002:*:*:*:*:*:*:*", "matchCriteriaId": "896271FE-50B1-436B-8926-1CE685667D03", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.6.001:*:*:*:*:*:*:*", "matchCriteriaId": "7AE768DF-9605-40FA-8840-C60D2C0DCE0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.6.001\\+.002:*:*:*:*:*:*:*", "matchCriteriaId": "C105EFE2-0592-45B3-A362-4208245EDD9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.6.002:*:*:*:*:*:*:*", "matchCriteriaId": "FDB7B153-61AE-499D-8577-CC83CC100C43", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:9.1:-:commercial_epl:*:*:*:*:*", "matchCriteriaId": "C9D0492E-A33E-43D4-8E57-C74D677A1B99", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:9.2:-:commercial_epl:*:*:*:*:*", "matchCriteriaId": "37AD8770-074D-42E3-81CC-E3A7D8856FD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters." 
}, { "lang": "es", "value": "phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php en EGroupware v1.4.001+.002; v1.6.001+.002 y posiblemente otras versiones anteriores a v1.6.003 y EPL v9.1 anterior a v9.1.20100309 y v9.2 anterior a v9.2.20100309; permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de metacaracteres shell en los par\u00e1metros (1) aspell_path y (2) spellchecker_lang" } ], "id": "CVE-2010-3313", "lastModified": "2024-11-21T01:18:29.503", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-09-22T19:00:03.777", "references": [ { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2013" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.egroupware.org/news?item=93" }, { "source": "secalert@redhat.com", "url": "http://www.exploit-db.com/exploits/11777/" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/09/21/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.egroupware.org/news?item=93" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/11777/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.openwall.com/lists/oss-security/2010/09/21/7" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-22 12:28
Modified
2024-11-21 01:38
Summary
Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6903196-5241-411A-8FC1-84B88A658663", "versionEndIncluding": "1.8.002.20111111", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functions_inc.php in eGroupware before 1.8.004.20120405 allows remote attackers to inject arbitrary web script or HTML via the menuaction parameter to etemplate/process_exec.php. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en phpgwapi/inc/common_functions_inc.php en eGroupware antes de v1.8.004.20120405 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro MenuAction a etemplate/process_exec.php. NOTA: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros." 
} ], "id": "CVE-2012-2211", "lastModified": "2024-11-21T01:38:42.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-11-22T12:28:40.993", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/111626/egroupware-xss.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48703" }, { "source": "cve@mitre.org", "url": "http://www.egroupware.org/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/111626/egroupware-xss.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48703" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.egroupware.org/changelog" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-31 22:55
Modified
2024-11-21 01:33
Summary
Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * | |
egroupware | egroupware_enterprise_line | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:-:community:*:*:*:*:*", "matchCriteriaId": "32925DE0-3391-480B-AC6E-8DD8D9A664F8", "versionEndIncluding": "1.8.001.20110421", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware_enterprise_line:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDD9684D-F736-4966-8A43-2A73AA4CA853", "versionEndIncluding": "11.1.20110711-1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en admin/remote.php en EGroupware Enterprise Line (EPL) anteriores a v11.1.20110804-1 y EGroupware Community Edition anteriores a v1.8.001.20110805 permite a atacantes remotos leer ficheros de su elecci\u00f3n mediante los caracteres ..%2f (punto punto barra, codificados) en el par\u00e1metro type." 
} ], "id": "CVE-2011-4948", "lastModified": "2024-11-21T01:33:20.953", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-31T22:55:01.340", "references": [ { "source": "secalert@redhat.com", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001.20110421-Local-File-Inclusion-224" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.egroupware.org/changelog" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.egroupware.org/epl-changelog" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001.20110421-Local-File-Inclusion-224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.egroupware.org/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.egroupware.org/epl-changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52770" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-31 22:55
Modified
2024-11-21 01:33
Summary
Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * | |
egroupware | egroupware_enterprise_line | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:-:community:*:*:*:*:*", "matchCriteriaId": "32925DE0-3391-480B-AC6E-8DD8D9A664F8", "versionEndIncluding": "1.8.001.20110421", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware_enterprise_line:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDD9684D-F736-4966-8A43-2A73AA4CA853", "versionEndIncluding": "11.1.20110711-1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter." }, { "lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en phpgwapi/ntlm/index.php de EGroupware Enterprise Line (EPL) anteriores a v11.1.20110804-1 y EGroupware Community Edition anteriores a v1.8.001.20110805 permite a atacantes remotos redirigir a los usuarios a sitios web de su elecci\u00f3n y llevar a cabo ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro forward." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/601.html\r\n\r\n\u0027CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u0027", "id": "CVE-2011-4951", "lastModified": "2024-11-21T01:33:21.277", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-08-31T22:55:01.497", "references": [ { "source": "secalert@redhat.com", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html" }, { "source": "secalert@redhat.com", "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" }, { "source": "secalert@redhat.com", "url": "http://www.egroupware.org/changelog" }, { "source": "secalert@redhat.com", "url": "http://www.egroupware.org/epl-changelog" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.egroupware.org/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.egroupware.org/epl-changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52770" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Summary
Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | 1.0 | |
egroupware | egroupware | 1.0.1 | |
egroupware | egroupware | 1.0.3 | |
egroupware | egroupware | 1.0.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E440ECF0-C87D-432B-91D6-C1D61FF780C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "598C8726-BD8E-41F5-8A83-E06CF6F24C8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E91357C7-8028-4870-AEDB-DACEC0EE1E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7CE992D5-371B-466C-8A08-884B146694D8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter." } ], "id": "CVE-2005-1203", "lastModified": "2024-11-20T23:56:50.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=111401760125555\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://secunia.com/advisories/14982" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200504-24.xml" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=320768" }, { "source": "cve@mitre.org", "url": "http://www.gulftech.org/?node=research\u0026article_id=00069-04202005" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/15753" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/13212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=111401760125555\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://secunia.com/advisories/14982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200504-24.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=320768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gulftech.org/?node=research\u0026article_id=00069-04202005" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/15753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/13212" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-26 20:17
Modified
2024-11-21 00:37
Summary
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | 1.4.001 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:1.4.001:*:*:*:*:*:*:*", "matchCriteriaId": "F22F0392-6D7A-4133-83AA-C14F1B69A167", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el eGroupWare 1.4.001 permiten a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro cat_data[color] en el (1) preferences/inc/class.uicategories.inc.php y (2) admin/inc/class.uicategories.inc.php." } ], "id": "CVE-2007-5091", "lastModified": "2024-11-21T00:37:06.337", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-09-26T20:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26944" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.egroupware.org/news" }, { "source": "cve@mitre.org", "url": 
"http://www.egroupware.org/viewvc/branches/1.4/admin/inc/class.uicategories.inc.php?r1=23611\u0026r2=24443\u0026pathrev=24443" }, { "source": "cve@mitre.org", "url": "http://www.egroupware.org/viewvc/branches/1.4/preferences/inc/class.uicategories.inc.php?r1=23741\u0026r2=24443\u0026pathrev=24443" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.egroupware.org/news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.egroupware.org/viewvc/branches/1.4/admin/inc/class.uicategories.inc.php?r1=23611\u0026r2=24443\u0026pathrev=24443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.egroupware.org/viewvc/branches/1.4/preferences/inc/class.uicategories.inc.php?r1=23741\u0026r2=24443\u0026pathrev=24443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25800" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-10-26 22:15
Modified
2024-11-21 08:13
Severity ?
Summary
An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.gruppotim.it/it/footer/red-team.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.gruppotim.it/it/footer/red-team.html | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | 17.1.20190111 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:17.1.20190111:*:*:*:community:*:*:*", "matchCriteriaId": "2DC85FE8-8337-4E84-98CB-A123F7BF14C4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en eGroupWare 17.1.20190111. Una vulnerabilidad de almacenamiento de contrase\u00f1as incorrectas afecta el panel de configuraci\u00f3n en setup/manageheader.php, lo que permite a atacantes remotos autenticados con credenciales de administrador leer una contrase\u00f1a de base de datos en texto plano." } ], "id": "CVE-2023-38328", "lastModified": "2024-11-21T08:13:20.500", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-10-26T22:15:08.613", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.gruppotim.it/it/footer/red-team.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.gruppotim.it/it/footer/red-team.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-522" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-31 22:55
Modified
2024-11-21 01:33
Severity ?
Summary
SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * | |
egroupware | egroupware_enterprise_line | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:-:community:*:*:*:*:*", "matchCriteriaId": "32925DE0-3391-480B-AC6E-8DD8D9A664F8", "versionEndIncluding": "1.8.001.20110421", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware_enterprise_line:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDD9684D-F736-4966-8A43-2A73AA4CA853", "versionEndIncluding": "11.1.20110711-1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php en EGroupware Enterprise Line (EPL) anteriores a v11.1.20110804-1 y EGroupware Community Edition anteriores a v1.8.001.20110805 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro id." 
} ], "id": "CVE-2011-4949", "lastModified": "2024-11-21T01:33:21.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-31T22:55:01.387", "references": [ { "source": "secalert@redhat.com", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/100179/eGroupware-1.8.001-SQL-Injection.html" }, { "source": "secalert@redhat.com", "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-SQL-Injection-179" }, { "source": "secalert@redhat.com", "url": "http://www.egroupware.org/changelog" }, { "source": "secalert@redhat.com", "url": "http://www.egroupware.org/epl-changelog" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/100179/eGroupware-1.8.001-SQL-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-SQL-Injection-179" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.egroupware.org/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.egroupware.org/epl-changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52770" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-30 16:17
Modified
2024-11-21 00:45
Severity ?
Summary
Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * | |
egroupware | egroupware | 1.4.001 | |
egroupware | egroupware | 1.4.002 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B589C7DD-4BCE-454D-8CB6-C15BC6C1FFBD", "versionEndIncluding": "1.4.003", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.4.001:*:*:*:*:*:*:*", "matchCriteriaId": "F22F0392-6D7A-4133-83AA-C14F1B69A167", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.4.002:*:*:*:*:*:*:*", "matchCriteriaId": "896271FE-50B1-436B-8926-1CE685667D03", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and \"grave\" impact when the web server has write access to a directory under the web document root." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en eGroupWare anterior a 1.4.004, tienen vectores de ataque no especificados y un impacto \"grave\" cuando el servidor web tiene acceso de escritura a un directorio bajo la ra\u00edz de los documentos web." 
} ], "id": "CVE-2008-2041", "lastModified": "2024-11-21T00:45:57.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-30T16:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30073" }, { "source": "cve@mitre.org", "url": "http://www.egroupware.org/news" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28817" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.egroupware.org/news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42141" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" }, { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-26 18:55
Modified
2024-11-21 02:07
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * | |
egroupware | egroupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D189CC87-A256-48C3-9366-67B6FAEFAC80", "versionEndIncluding": "1.6.001", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:community:*:*:*", "matchCriteriaId": "668110D7-2136-4DD6-9C09-9FFD48D5F499", "versionEndIncluding": "1.8006", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en EGroupware Enterprise Line (EPL) anterior a 1.1.20140505, EGroupware Community Edition anterior a 1.8.007.20140506, y EGroupware anterior a 14.1 beta permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que (1) crean un usuarios administrador a trav\u00e9s de una acci\u00f3n admin.uiaccounts.add_user en index.php o (2) modifican configuraciones a trav\u00e9s del par\u00e1metro newsettings en una acci\u00f3n admin.uiconfig.index en index.php. NOTA: el vector 2 puede utilizarse para ejecutar c\u00f3digo PHP arbitrario mediante el aprovechamiento de CVE-2014-2988." 
} ], "id": "CVE-2014-2987", "lastModified": "2024-11-21T02:07:17.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-10-26T18:55:04.580", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0221.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/58346" }, { "source": "cve@mitre.org", "url": "http://www.egroupware.org/changelog" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.egroupware.org/forum#nabble-td3997580" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/532103/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0221.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58346" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.egroupware.org/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.egroupware.org/forum#nabble-td3997580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/532103/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23212" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-27 01:55
Modified
2024-11-21 02:07
Severity ?
Summary
EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * | |
egroupware | egroupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D189CC87-A256-48C3-9366-67B6FAEFAC80", "versionEndIncluding": "1.6.001", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:community:*:*:*", "matchCriteriaId": "668110D7-2136-4DD6-9C09-9FFD48D5F499", "versionEndIncluding": "1.8006", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987." }, { "lang": "es", "value": "EGroupware Enterprise Line (EPL) anterior a 1.1.20140505, EGroupware Community Edition anterior a 1.8.007.20140506, y EGroupware anterior a 14.1 beta permite a administradores remotos autenticados ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de valores de rellamada manipulados en la funci\u00f3n de PHP call_user_func, tal y como fue demostrado mediante la utilizaci\u00f3n del par\u00e1metro newsettings[system]. NOTA: esto puede ser explotado por atacantes remotos que se aprovechan de CVE-2014-2987." 
} ], "id": "CVE-2014-2988", "lastModified": "2024-11-21T02:07:17.310", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-27T01:55:24.407", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0221.html" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/532103/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0221.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/532103/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.htbridge.com/advisory/HTB23212" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-07 15:15
Modified
2024-11-21 17:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
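EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting. The two CVSS 3.1 vectors listed for this entry differ on privileges required (PR:N in the 9.8 score, PR:L in the 6.3 score); the PR:L vector is the one consistent with the description's "authenticated users".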
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D78270C8-7166-459E-9F86-BBB1A0B3D306", "versionEndExcluding": "23.1.20240624", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\\Api\\Etemplate\\Widget\\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting." }, { "lang": "es", "value": "EGroupware anterior al 23.1.20240624 maneja mal una cl\u00e1usula ORDER BY." } ], "id": "CVE-2024-40614", "lastModified": "2024-11-21T17:15:14.190", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-07-07T15:15:09.923", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/EGroupware/egroupware/commit/553829d30cc2ccdc0e5a8c5a0e16fa03a3399a3f" }, { "source": "cve@mitre.org", "tags": [ "Patch" 
], "url": "https://github.com/EGroupware/egroupware/compare/23.1.20240430...23.1.20240624" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://github.com/EGroupware/egroupware/releases/tag/23.1.20240624" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://help.egroupware.org/t/egroupware-maintenance-security-release-23-1-20240624/78438" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "https://syss.de" }, { "source": "cve@mitre.org", "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-047.txt" }, { "source": "cve@mitre.org", "url": "https://www.syss.de/pentest-blog/sql-injection-schwachstelle-in-egroupware-syss-2024-047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/EGroupware/egroupware/commit/553829d30cc2ccdc0e5a8c5a0e16fa03a3399a3f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/EGroupware/egroupware/compare/23.1.20240430...23.1.20240624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://github.com/EGroupware/egroupware/releases/tag/23.1.20240624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://help.egroupware.org/t/egroupware-maintenance-security-release-23-1-20240624/78438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "https://syss.de" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-047.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.syss.de/pentest-blog/sql-injection-schwachstelle-in-egroupware-syss-2024-047" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", 
"type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-11 22:30
Modified
2024-11-21 00:32
Severity ?
Summary
Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2B24266-1026-4A0D-BBEF-BA6E27780E4D", "versionEndIncluding": "1.2.106-2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier." }, { "lang": "es", "value": "Vulnerabilidad no especificada en eGroupWare anterior a 1.2.107-2 tiene un impacto desconocido y vectores de ataque relacionados con ADOdb. NOTA: debido a la carencia de detalles del vendedor, es incierto si este asunto fue cubierto ya por otro identificador de CVE." } ], "id": "CVE-2007-3155", "lastModified": "2024-11-21T00:32:32.103", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-11T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37188" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25454" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24378" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34914" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34914" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-09-22 19:00
Modified
2024-11-21 01:18
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | 1.4.001 | |
egroupware | egroupware | 1.4.001\+.002 | |
egroupware | egroupware | 1.4.002 | |
egroupware | egroupware | 1.6.001 | |
egroupware | egroupware | 1.6.001\+.002 | |
egroupware | egroupware | 1.6.002 | |
egroupware | egroupware | 9.1 | |
egroupware | egroupware | 9.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:1.4.001:*:*:*:*:*:*:*", "matchCriteriaId": "F22F0392-6D7A-4133-83AA-C14F1B69A167", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.4.001\\+.002:*:*:*:*:*:*:*", "matchCriteriaId": "65987EB6-F4D8-47C9-B95F-DEA15E94A3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.4.002:*:*:*:*:*:*:*", "matchCriteriaId": "896271FE-50B1-436B-8926-1CE685667D03", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.6.001:*:*:*:*:*:*:*", "matchCriteriaId": "7AE768DF-9605-40FA-8840-C60D2C0DCE0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.6.001\\+.002:*:*:*:*:*:*:*", "matchCriteriaId": "C105EFE2-0592-45B3-A362-4208245EDD9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.6.002:*:*:*:*:*:*:*", "matchCriteriaId": "FDB7B153-61AE-499D-8577-CC83CC100C43", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:9.1:-:commercial_epl:*:*:*:*:*", "matchCriteriaId": "C9D0492E-A33E-43D4-8E57-C74D677A1B99", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:9.2:-:commercial_epl:*:*:*:*:*", "matchCriteriaId": "37AD8770-074D-42E3-81CC-E3A7D8856FD2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en EGroupware v1.4.001+.002; v1.6.001+.002 y posiblemente otras versioens anteriores a v1.6.003; y EPL v9.1 anterior a v9.1.20100309 y v9.2 anterior a v9.2.20100309; \r\npermite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro lang" } ], "id": "CVE-2010-3314", "lastModified": "2024-11-21T01:18:29.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-09-22T19:00:03.837", "references": [ { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2013" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.egroupware.org/news?item=93" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11777/" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/09/21/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.egroupware.org/news?item=93" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11777/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.openwall.com/lists/oss-security/2010/09/21/7" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-25 19:44
Modified
2024-11-21 00:44
Summary
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * | |
egroupware | egroupware | 1.0 | |
egroupware | egroupware | 1.0.1 | |
egroupware | egroupware | 1.0.3 | |
egroupware | egroupware | 1.0.6 | |
egroupware | egroupware | 1.2.106-2 | |
egroupware | egroupware | 1.4.001 | |
moodle | moodle | * | |
moodle | moodle | 1.1.1 | |
moodle | moodle | 1.2.0 | |
moodle | moodle | 1.2.1 | |
moodle | moodle | 1.3.0 | |
moodle | moodle | 1.3.1 | |
moodle | moodle | 1.3.2 | |
moodle | moodle | 1.3.3 | |
moodle | moodle | 1.3.4 | |
moodle | moodle | 1.4.1 | |
moodle | moodle | 1.4.2 | |
moodle | moodle | 1.4.3 | |
moodle | moodle | 1.4.4 | |
moodle | moodle | 1.4.5 | |
moodle | moodle | 1.5 | |
moodle | moodle | 1.5.0 | |
moodle | moodle | 1.5.1 | |
moodle | moodle | 1.5.2 | |
moodle | moodle | 1.5.3 | |
moodle | moodle | 1.6.0 | |
moodle | moodle | 1.6.1 | |
moodle | moodle | 1.6.2 | |
moodle | moodle | 1.6.3 | |
moodle | moodle | 1.6.4 | |
moodle | moodle | 1.6.5 | |
moodle | moodle | 1.6.6 | |
moodle | moodle | 1.6.7 | |
moodle | moodle | 1.7.1 | |
moodle | moodle | 1.7.2 | |
moodle | moodle | 1.7.3 | |
moodle | moodle | 1.7.4 | |
moodle | moodle | 1.7.5 | |
moodle | moodle | 1.7.6 | |
moodle | moodle | 1.8.1 | |
moodle | moodle | 1.8.2 | |
moodle | moodle | 1.8.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E631688-AC1D-45BE-91A4-B126DD4032CA", "versionEndIncluding": "1.4.002", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E440ECF0-C87D-432B-91D6-C1D61FF780C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "598C8726-BD8E-41F5-8A83-E06CF6F24C8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E91357C7-8028-4870-AEDB-DACEC0EE1E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7CE992D5-371B-466C-8A08-884B146694D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.2.106-2:*:*:*:*:*:*:*", "matchCriteriaId": "40CF5935-81F4-427F-9D0F-65B5521AF8D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.4.001:*:*:*:*:*:*:*", "matchCriteriaId": "F22F0392-6D7A-4133-83AA-C14F1B69A167", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "55AB250C-A3A0-4BC2-AC96-5B41F60E4E25", "versionEndIncluding": "1.8.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "044E2E34-470C-45C9-8136-22493077D842", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F5FB2555-7146-4A75-9D24-250BBC09244A", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "949F0BC0-A79E-4B1D-894D-650CF68109F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "616AE17F-F5B4-4D64-B287-0AAB189C802A", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "74246580-F351-4EAE-9406-2386CFF1819D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "077FFAAB-BACD-43F4-B146-DBFFD58CE619", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9C715839-F020-4F42-94F0-9FA34F294578", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "3113CF64-DFDD-413F-BB85-5A8B251608D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "99CFB2E0-B99B-4154-8A6E-B6A8483ACEBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE4F8CC3-5428-4F72-B4DC-299A50EE9C88", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "28252347-44DD-4302-8170-21DDB0A3B3A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "740F27D0-4E66-4E2C-A2AB-54F5211F796F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "FA227895-91FF-4689-A03A-D712EAB5E369", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C42DBF05-906B-47E6-BC75-50EBA38B72BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.5.0:beta:*:*:*:*:*:*", "matchCriteriaId": "D6A58D43-9AB1-4EEA-8E5D-7829AFAE11D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B6C3409E-47BF-4D01-ADAC-58475E5D3077", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E38AF73-EA00-485F-A63B-7C05AD9C948E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "66BD9A00-DA61-4389-8731-B92585C2BE6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "680CE396-5F61-409C-A152-4D1E1CB44EA3", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "C6A0F31A-BB19-4B2C-A2CD-1DFA5FDF1C72", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "98CA6482-0B84-463D-9C81-A92FFC06C9FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0794B997-0793-4465-B9BA-5BFF254D600A", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "06F4A1D8-65C5-4EDA-BCEC-CD267DE5C4B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "AB2A20C9-5FEF-4D91-AFA0-B49672CC8B37", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCFEA024-4CA7-4975-802C-1BB9C099C164", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "D1E5E19D-BC58-478E-A584-6D260A5C5265", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB16198E-A32D-4CFA-9CCE-65871596E6AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABFE9D24-24DB-49EA-B59E-AF9B47D46EB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "56551145-5213-4165-88C9-C351DACDD1C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "A589727E-92BB-40DA-8172-89279EB9B73C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "92E97539-A7CC-48D3-A897-ADE4BC194B2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "D19C1954-6330-449D-9101-378D5DBD122C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "492A28FE-A2F8-4FF7-AC5B-0C3F5508506D", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "28A897CA-3D8F-4575-BBD2-1C0C5A2ECC99", "vulnerable": true }, { "criteria": "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "A4A3A5D9-D96E-46B3-AC22-25045564EB96", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols." }, { "lang": "es", "value": "La funci\u00f3n _bad_protocol_once en el archivo phpgwapi/inc/class.kses.inc.php en KSES, como es usado en eGroupWare versiones anteriores a 1.4.003, Moodle versiones anteriores a 1.8.5 y otros productos, permite a los atacantes remotos omitir el filtrado de HTML y conducir ataques de tipo cross-site scripting (XSS) por medio de una cadena que contiene protocolos URL especialmente dise\u00f1ados." 
} ], "id": "CVE-2008-1502", "lastModified": "2024-11-21T00:44:41.363", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-25T19:44:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29491" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30073" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30986" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31017" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31018" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31167" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32400" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32446" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2008/dsa-1691" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1871" }, { "source": 
"cve@mitre.org", "url": "http://www.egroupware.org/changelog" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625\u0026r2=25110\u0026pathrev=25110" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/07/08/14" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28424" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0989/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41435" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/658-1/" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/29491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31017" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/31167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2008/dsa-1691" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.egroupware.org/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625\u0026r2=25110\u0026pathrev=25110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/07/08/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/28424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/0989/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/658-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Summary
eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | 1.0.1 | |
egroupware | egroupware | 1.0.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "598C8726-BD8E-41F5-8A83-E06CF6F24C8E", "vulnerable": false }, { "criteria": "cpe:2.3:a:egroupware:egroupware:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "7CE992D5-371B-466C-8A08-884B146694D8", "vulnerable": false } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient." } ], "id": "CVE-2005-1129", "lastModified": "2024-11-20T23:56:40.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0157.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/14940" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/15499" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/13137" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20088" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-04/0157.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/14940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/15499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/13137" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20088" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-03-31 14:59
Modified
2024-11-21 02:05
Summary
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED81A1CD-EBDF-41C5-ACDA-9A8D51C850F6", "versionEndIncluding": "1.8006", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php." }, { "lang": "es", "value": "eGroupware anterior a 1.8.006.20140217 permite a atacantes remotos realizar ataques de inyecci\u00f3n de objetos PHP, eliminar ficheros arbitrarios y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s (1) del par\u00e1metro addr_fields o (2) trans en addressbook/csv_import.php, (3) del par\u00e1metro cal_fields o (4) trans en calendar/csv_import.php, (5) del par\u00e1metro info_fields o (6) trans en csv_import.php en (a) projectmanager/ o (b) infolog/, o (7) del par\u00e1metro processed en preferences/inc/class.uiaclprefs.inc.php." 
} ], "id": "CVE-2014-2027", "lastModified": "2024-11-21T02:05:29.433", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-03-31T14:59:00.063", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0116.html" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/02/19/10" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2014/02/19/4" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/projects/egroupware/files/eGroupware-1.8/README/download" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201711-12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0116.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/02/19/10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2014/02/19/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/projects/egroupware/files/eGroupware-1.8/README/download" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:087" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201711-12" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-11 22:30
Modified
2024-11-21 00:32
Summary
Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2B24266-1026-4A0D-BBEF-BA6E27780E4D", "versionEndIncluding": "1.2.106-2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Walter Zorn wz_tooltip.js (tambi\u00e9n conocido como wz_tooltips) anterior a 4.01, tal y como se utiliza por eGroupWare anterior a 1.2.107-2 y otros paquetes, tiene un impacto desconocido y vectores de ataque remotos." } ], "id": "CVE-2007-3154", "lastModified": "2024-11-21T00:32:31.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-11T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37187" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25454" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745" }, { 
"source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24378" }, { "source": "cve@mitre.org", "url": "http://www.walterzorn.com/tooltip/history.htm" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34913" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513311\u0026group_id=78745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=513749\u0026group_id=78745" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.walterzorn.com/tooltip/history.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34913" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-31 22:55
Modified
2024-11-21 01:33
Summary
Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
egroupware | egroupware | * | |
egroupware | egroupware_enterprise_line | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware:*:-:community:*:*:*:*:*", "matchCriteriaId": "32925DE0-3391-480B-AC6E-8DD8D9A664F8", "versionEndIncluding": "1.8.001.20110421", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:egroupware:egroupware_enterprise_line:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDD9684D-F736-4966-8A43-2A73AA4CA853", "versionEndIncluding": "11.1.20110711-1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en phpgwapi/js/jscalendar/test.php en EGroupware Enterprise Line (EPL) anteriores a v11.1.20110804-1 y EGroupware Community Edition anteriores a v1.8.001.20110805 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro lang." 
} ], "id": "CVE-2011-4950", "lastModified": "2024-11-21T01:33:21.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-08-31T22:55:01.450", "references": [ { "source": "secalert@redhat.com", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/100180/eGroupware-1.8.001-Cross-Site-Scripting.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.egroupware.org/changelog" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.egroupware.org/epl-changelog" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://comments.gmane.org/gmane.comp.web.egroupware.german/33144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/100180/eGroupware-1.8.001-Cross-Site-Scripting.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.autosectools.com/Advisory/eGroupware-1.8.001-Reflected-Cross-site-Scripting-178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.egroupware.org/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.egroupware.org/epl-changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/29/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52770" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }