admin
08-25-2005, 10:18 PM
phpGroupWare
http://www.phpgroupware.org
August 25th, 2005
http://secunia.com/advisories/16558/
Description:
Some vulnerabilities have been reported in phpGroupWare, which can be exploited by malicious administrative users to conduct script insertion attacks, or by malicious people to bypass certain security restrictions or compromise a vulnerable system.
1) phpGroupWare uses vulnerable versions of FUDforum and XML-RPC.
For more information:
SA16414 (http://secunia.com/SA16414/)
SA16431 (http://secunia.com/SA16431/)
2) A malicious administrative user can include arbitrary JavaScript code when editing the main screen message from the admin pages.
Solution:
Update to version 0.9.16.007.
http://downloads.phpgroupware.org/now
Provided and/or discovered by:
Reported by vendor.
Original Advisory:
http://savannah.gnu.org/bugs/?func=detailitem&item_id=13863
Other References:
SA16414:
http://secunia.com/advisories/16414/
SA16431:
http://secunia.com/advisories/16431/