Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
addressbook vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-12422
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution up to and including 3.29.2 might allow malicious users to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this b...
Gnome Evolution
NA
CVE-2003-0504
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote malicious users to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.
Phpgroupware Phpgroupware 0.9.14.003
NA
CVE-2014-2027
eGroupware prior to 1.8.006.20140217 allows remote malicious users to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parame...
Egroupware Egroupware
NA
CVE-2003-0599
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions prior to 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
Phpgroupware Phpgroupware
Phpgroupware Phpgroupware 0.9.16prerc
NA
CVE-2003-0657
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and previous versions could allow remote malicious users to conduct unauthorized database actions.
Phpgroupware Phpgroupware
NA
CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and previous versions allows remote malicious users to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
Squirrelmail Squirrelmail
1 EDB exploit
NA
CVE-2002-1276
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
Squirrelmail Squirrelmail 1.2.8
NA
CVE-2002-1132
SquirrelMail 1.2.7 and previous versions allows remote malicious users to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
Squirrelmail Squirrelmail
NA
CVE-2009-0587
Multiple integer overflows in Evolution Data Server (aka evolution-data-server) prior to 2.24.5 allow context-dependent malicious users to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) cam...
Go-evolution Evolution-data-server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3