PHPGroupWare Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

Bugtraq ID: 11952
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Dec 15 2004 12:00AM
Updated: Dec 15 2004 12:00AM
Credit: Discovery is credited to James Bercegay of the GulfTech Security Research Team.
Vulnerable: PHPGroupWare PHPGroupWare 0.9.16 RC1
PHPGroupWare PHPGroupWare 0.9.16 .003
+ Gentoo Linux
PHPGroupWare PHPGroupWare 0.9.16 .002
PHPGroupWare PHPGroupWare 0.9.16 .000
PHPGroupWare PHPGroupWare 0.9.14 .007
PHPGroupWare PHPGroupWare 0.9.14 .006
PHPGroupWare PHPGroupWare 0.9.14 .005
PHPGroupWare PHPGroupWare 0.9.14 .003
PHPGroupWare PHPGroupWare 0.9.13
- Debian Linux 2.2
PHPGroupWare PHPGroupWare 0.9.12
- MySQL AB MySQL 3.23.36
- MySQL AB MySQL 3.23.34
- MySQL AB MySQL 3.23.31
- PostgreSQL PostgreSQL 6.5.3
- PostgreSQL PostgreSQL 6.3.2
Not Vulnerable: PHPGroupWare PHPGroupWare 0.9.16 .005
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1


 

Privacy Statement
Copyright 2010, SecurityFocus