Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Debian Local Security Checks --> Category: infos

[DSA419] DSA-419-1 phpgroupware Vulnerability Scan

Vulnerability Scan Summary
DSA-419-1 phpgroupware

Detailed Explanation for this Vulnerability Test

The authors of phpgroupware, a web based groupware system written in
PHP, discovered several vulnerabilities. The Common Vulnerabilities
and Exposures project identifies the following problems:
In the "calendar" module, "save extension" was not enforced for
holiday files. As a result, server-side php scripts may be placed
in directories that then could be accessed remotely and cause the
webserver to execute those. This was resolved by enforcing the
extension ".txt" for holiday files.
Some SQL injection problems (non-escaping of values used in SQL
strings) the "calendar" and "infolog" modules.
Additionally, the Debian maintainer adjusted the permissions on world
writable directories that were accidentally created by former postinst
during the installation.
For the stable distribution (woody) this problem has been fixed in
version 0.9.14-0.RC3.2.woody3.
For the unstable distribution (sid) this problem has been fixed in
We recommend that you upgrade your phpgroupware, phpgroupware-calendar
and phpgroupware-infolog packages.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.