Vulmon
groupware vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-26630
Improper input validation vulnerability in HANDY Groupware’s ActiveX module allows malicious users to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function.
Handysoft Groupware
9.8
CVSSv3
CVE-2022-26562
provider/libserver/ECKrbAuth.cpp in Kopano Core <= v11.0.2.51 contains an issue which allows malicious users to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver...
Kopano Groupware Core 11.0.2.51
9.8
CVSSv3
CVE-2021-26608
An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.
Handysoft Hshell 2.0.3.5
Handysoft Hshell 4.0.1.6
Handysoft Hshell 1.7.4.5
9.8
CVSSv3
CVE-2020-15906
tiki-login.php in Tiki prior to 21.2 sets the admin password to a blank value after 50 invalid login attempts.
Tiki Tiki
1 Github repository
9.8
CVSSv3
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
Horde Groupware 5.2.22
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 8.0
1 EDB exploit
9.8
CVSSv3
CVE-2019-19907
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core prior to 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.
Kopano Groupware Core
9.8
CVSSv3
CVE-2010-4239
Tiki Wiki CMS Groupware 5.2 has a Local File Inclusion vulnerability.
Tiki Tikiwiki Cms/groupware 5.2
9.8
CVSSv3
CVE-2012-0911
TikiWiki CMS/Groupware prior to 6.7 LTS and prior to 8.4 allows remote malicious users to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.p...
Tiki Tikiwiki Cms/groupware
2 EDB exploits
9.8
CVSSv3
CVE-2005-0102
Integer overflow in camel-lock-helper in Evolution 2.0.2 and previous versions allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.
Gnome Evolution
Debian Debian Linux 3.0
8.8
CVSSv3
CVE-2023-46730
Group-Office is an enterprise CRM and groupware tool. In affected versions there is a full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make r...
Group-office Group Office