Filtered by vendor Phpgroupware Subscriptions
Filtered by product Phpgroupware Subscriptions

Search

Switch to Advanced Search (Beta)
Total 27 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-2578 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.
CVE-2004-2406 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.
CVE-2006-4458 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
CVE-2004-2407 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.
CVE-2004-2573 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.
CVE-2004-2574 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.
CVE-2001-0043 1 Phpgroupware 1 Phpgroupware 2025-04-03 N/A
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.