lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <C949EB18FA1E44D099C25EBEC2E31368@unknown>
Date: Fri, 14 May 2010 10:35:40 +0200
From: "VUPEN Web Security" <advisories@...en.com>
To: <bugtraq@...urityfocus.com>
Subject: phpGroupWare SQL Injections and Local File Inclusion Vulnerabilities (CVE-2010-0403 and CVE-2010-0404)

I. BACKGROUND
---------------------

"phpGroupWare is a fully featured, web based messaging, collaboration and
enterprise management platform. phpGroupWare comes with over 50 applications
that can be mixed and matched according to your needs. Around the world tens
of thousands of people use phpGroupWare every day." from phpgroupware.org


II. VULNERABILITIES
----------------------------

VUPEN Web Vulnerability Research Team discovered multiple vulnerabilities in
phpGroupWare.

SQL Injections: Multiple input validation errors exist in the
"class.sessions_db.inc.php", "class.translation_sql.inc.php",
"class.sessions_db.inc.php" and "class.auth_sql.inc.php" scripts within
the "phpgwapi/inc/" folder, which could allow SQL injection attacks.

Local File Inclusion: An input validation error exists in the "about.php"
script when processing the "app" parameter, which could allow remote 
attackers
to include local files with the privileges of the web server.


III. AFFECTED PRODUCTS
--------------------------------

phpGroupWare version 0.9.16.015 and prior


IV. SOLUTION
------------------

Upgrade to phpGroupWare version 0.9.16.016


V. CREDIT
--------------

These vulnerabilities were discovered by VUPEN Security


VI. VUPEN Web Application Security Scanner (WASS)
------------------------------------------------------------

VUPEN Web Application Security Scanner (WASS) is a SaaS web app. security
scanning technology which enables corporations and organizations to 
identify,
track and remediate security vulnerabilities affecting their web sites and
web applications, prevent criminals from gaining unauthorized access to
sensitive data, and comply with security requirements such as PCI.

VUPEN WASS is based on a proprietary technology developed by VUPEN security
experts, and combines black-box (smart and automated) and grey-box
(signature-based) scanning to accurately identify web vulnerabilities such
as those in the OWASP Top 10 including SQL injection and cross-site 
scripting,
but also real-world vulnerabilities such as shell command injection and
file inclusion.

Read More: http://www.vupen.com/english/wass/


VII. REFERENCES
----------------------

http://www.vupen.com/english/advisories/2010/1145
http://forums.phpgroupware.org/index.php?t=msg&th=98662&start=0&rid=0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0403


VIII. DISCLOSURE TIMELINE
------------------------------------

2010-04-14 - Vendor notified
2010-04-21 - Vendor response
2010-05-14 - Coordinated public Disclosure



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ