Filtered by vendor Phpgroupware Subscriptions
Total 27 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-1385 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.
CVE-2004-2406 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.
CVE-2004-2574 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.
CVE-2003-0599 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
CVE-2005-2761 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message.
CVE-2010-0403 1 Phpgroupware 1 Phpgroupware 2025-04-11 N/A
Directory traversal vulnerability in about.php in phpGroupWare (phpgw) before 0.9.16.016 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the app parameter.
CVE-2010-0404 1 Phpgroupware 1 Phpgroupware 2025-04-11 N/A
Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.