FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
39953788-6bbb-11d9-8bc9-000a95bc6fae    egroupware -- arbitrary file download in JiNN

eGroupWare contains a bug in the JiNN component that allows a remote attacker to download arbitrary files.


Discovery 2004-10-15
Entry 2005-01-21
eGroupWare < 1.0.0.006

http://cvs.sourceforge.net/viewcvs.py/egroupware/jinn/CHANGELOG#rev1.24
http://sourceforge.net/mailarchive/forum.php?thread_id=5915445&forum_id=35178
b4892b5b-fb1c-11d9-96ba-00909925db3e    egroupware -- multiple cross-site scripting (XSS) and SQL injection vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.

Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.


Discovery 2005-04-20
Entry 2005-07-23
egroupware < 1.0.0.007

CVE-2005-1202
CVE-2005-1203
http://sourceforge.net/project/shownotes.php?release_id=320768
e39caf05-2d6f-11df-aec2-000c29ba66d2    egroupware -- two vulnerabilities

Egroupware Team report:

Nahuel Grisolia from CYBSEC S.A. Security Systems found two security problems in EGroupware:

Serious remote command execution (allowing one to run arbitrary commands on the web server by simply issuing an HTTP request!).

A reflected cross-site scripting (XSS).

Both require NO valid EGroupware account and work without being logged in!


Discovery 2010-03-09
Entry 2010-03-11
egroupware < 1.6.003

38609
http://secunia.com/advisories/38859/
http://www.egroupware.org/Home?category_id=95&item=93
e65ad1bf-0d8b-11da-90d0-00304823c0d3    pear-XML_RPC -- remote PHP code injection vulnerability

A Hardened-PHP Project Security Advisory reports:

When the library parses XMLRPC requests/responses, it constructs a string of PHP code, that is later evaluated. This means any failure to properly handle the construction of this string can result in arbitrary execution of PHP code.

This new injection vulnerability is caused by not properly handling the situation, when certain XML tags are nested in the parsed document, that were never meant to be nested at all. This can be easily exploited in a way, that user-input is placed outside of string delimiters within the evaluation string, which obviously results in arbitrary code execution.

Note that several applications contain an embedded version of XML_RPC, therefore making them vulnerable to the same code injection vulnerability.


Discovery 2005-08-15
Entry 2005-08-15
Modified 2005-09-04
pear-XML_RPC < 1.4.0
phpmyfaq < 1.4.11
drupal < 4.6.3
eGroupWare < 1.0.0.009
phpAdsNew < 2.0.5
phpgroupware < 0.9.16.007
b2evolution < 0.9.0.12_2

CVE-2005-2498
http://b2evolution.net/news/2005/08/31/fix_for_xml_rpc_vulnerability_again_1
http://downloads.phpgroupware.org/changelog
http://drupal.org/files/sa-2005-004/advisory.txt
http://phpadsnew.com/two/nucleus/index.php?itemid=45
http://sourceforge.net/project/shownotes.php?release_id=349626
http://www.hardened-php.net/advisory_142005.66.html
http://www.hardened-php.net/advisory_152005.67.html
http://www.phpmyfaq.de/advisory_2005-08-15.php