Egroupware : Security Vulnerabilities, CVEs, CVSS score >= 8

CVE-2014-2988

EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.
Max CVSS
8.5
EPSS Score
0.48%
Published
2014-10-27
Updated
2018-10-09

CVE-2008-2041

Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.
Max CVSS
10.0
EPSS Score
0.29%
Published
2008-04-30
Updated
2017-08-08

CVE-2007-3155

Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier.
Max CVSS
10.0
EPSS Score
0.58%
Published
2007-06-11
Updated
2017-07-29

CVE-2007-3154

Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.71%
Published
2007-06-11
Updated
2017-07-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close