Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
addressbook vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-12422
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution up to and including 3.29.2 might allow malicious users to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this b...
Gnome Evolution
4.3
CVSSv2
CVE-2003-0504
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote malicious users to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.
Phpgroupware Phpgroupware 0.9.14.003
7.5
CVSSv2
CVE-2014-2027
eGroupware prior to 1.8.006.20140217 allows remote malicious users to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parame...
Egroupware Egroupware
10
CVSSv2
CVE-2003-0599
Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions prior to 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.
Phpgroupware Phpgroupware
Phpgroupware Phpgroupware 0.9.16prerc
7.5
CVSSv2
CVE-2003-0657
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and previous versions could allow remote malicious users to conduct unauthorized database actions.
Phpgroupware Phpgroupware
7.5
CVSSv2
CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and previous versions allows remote malicious users to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php.
Squirrelmail Squirrelmail
1 EDB exploit
5
CVSSv2
CVE-2002-1132
SquirrelMail 1.2.7 and previous versions allows remote malicious users to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
Squirrelmail Squirrelmail
4.3
CVSSv2
CVE-2002-1276
An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.
Squirrelmail Squirrelmail 1.2.8
7.5
CVSSv2
CVE-2009-0587
Multiple integer overflows in Evolution Data Server (aka evolution-data-server) prior to 2.24.5 allow context-dependent malicious users to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) cam...
Go-evolution Evolution-data-server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3