Filtered by vendor Phpgroupware
Subscriptions
Filtered by product Phpgroupware
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2576 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files. | ||||
| CVE-2004-2577 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts. | ||||
| CVE-2004-2578 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords. | ||||
| CVE-2004-1383 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php. | ||||
| CVE-2005-2761 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message. | ||||
| CVE-2003-0599 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. | ||||
| CVE-2003-0657 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions. | ||||