Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 419-1 (phpgroupware)

Information

Severity

Severity

High

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

16 years ago

Modified

Modified

6 years ago

Summary

The remote host is missing an update to phpgroupware announced via advisory DSA 419-1.

Insight

Insight

The authors of phpgroupware, a web based groupware system written in PHP, discovered several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2004-0016 In the calendar module, save extension was not enforced for holiday files. As a result, server-side php scripts may be placed in directories that then could be accessed remotely and cause the webserver to execute those. This was resolved by enforcing the extension .txt for holiday files. CVE-2004-0017 Some SQL injection problems (non-escaping of values used in SQL strings) the calendar and infolog modules. Additionally, the Debian maintainer adjusted the permissions on world writable directories that were accidentally created by former postinst during the installation. For the stable distribution (woody) this problem has been fixed in version 0.9.14-0.RC3.2.woody3. For the unstable distribution (sid) this problem has been fixed in version 0.9.14.007-4. We recommend that you upgrade your phpgroupware, phpgroupware-calendar

Solution

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20419-1

Common Vulnerabilities and Exposures (CVE)