CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2011-4948
https://notcve.org/view.php?id=CVE-2011-4948
31 Aug 2012 — Directory traversal vulnerability in admin/remote.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to read arbitrary files via a ..%2f (encoded dot dot slash) in the type parameter. Vulnerabilidad de salto de directorio en admin/remote.php en EGroupware Enterprise Line (EPL) anteriores a v11.1.20110804-1 y EGroupware Community Edition anteriores a v1.8.001.20110805 permite a atacantes remotos leer ficheros de su e... • http://comments.gmane.org/gmane.comp.web.egroupware.german/33144 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2011-4949
https://notcve.org/view.php?id=CVE-2011-4949
31 Aug 2012 — SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php en EGroupware Enterprise Line (EPL) anteriores a v11.1.20110804-1 y EGroupware Community Edition anteriores a v1.8.001.20110805 permite a at... • http://comments.gmane.org/gmane.comp.web.egroupware.german/33144 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2011-4950
https://notcve.org/view.php?id=CVE-2011-4950
31 Aug 2012 — Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en phpgwapi/js/jscalendar/test.php en EGroupware Enterprise Line (EPL) anteriores a v11.1.20110804-1 y EGroupware Community Edition anteriores a v1.8.001.20110805 permi... • http://comments.gmane.org/gmane.comp.web.egroupware.german/33144 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2011-4951
https://notcve.org/view.php?id=CVE-2011-4951
31 Aug 2012 — Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter. Vulnerabilidad de redirección abierta en phpgwapi/ntlm/index.php de EGroupware Enterprise Line (EPL) anteriores a v11.1.20110804-1 y EGroupware Community Edition anteriores a v1.8.001.20110805 permite a atacante... • http://comments.gmane.org/gmane.comp.web.egroupware.german/33144 •