Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Phpgroupware Subscribe
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-2576 1 Phpgroupware 1 Phpgroupware 2025-04-03 5.0 MEDIUM N/A
class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files.
CVE-2004-2573 1 Phpgroupware 1 Phpgroupware 2025-04-03 7.5 HIGH N/A
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.
CVE-2004-0017 1 Phpgroupware 1 Phpgroupware 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.
CVE-2006-4458 1 Phpgroupware 1 Phpgroupware 2025-04-03 6.4 MEDIUM N/A
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
CVE-2005-2761 1 Phpgroupware 1 Phpgroupware 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message.
CVE-2003-0504 1 Phpgroupware 1 Phpgroupware 2025-04-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.
CVE-2004-2578 1 Phpgroupware 1 Phpgroupware 2025-04-03 5.0 MEDIUM N/A
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.