Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Phpgroupware Subscribe
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-2576 1 Phpgroupware 1 Phpgroupware 2025-04-03 5.0 MEDIUM N/A
class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files.
CVE-2003-0599 1 Phpgroupware 1 Phpgroupware 2025-04-03 10.0 HIGH N/A
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
CVE-2004-2574 1 Phpgroupware 1 Phpgroupware 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.
CVE-2004-2578 1 Phpgroupware 1 Phpgroupware 2025-04-03 5.0 MEDIUM N/A
phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.
CVE-2004-0875 1 Phpgroupware 1 Phpgroupware 2025-04-03 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module.
CVE-2004-1383 1 Phpgroupware 1 Phpgroupware 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php.
CVE-2005-2761 1 Phpgroupware 1 Phpgroupware 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message.