Author: jmm-guest
Date: 2005-08-29 23:23:30 +0000 (Mon, 29 Aug 2005)
New Revision: 1725
Modified:
data/CAN/list
Log:
phpgroupware fixed
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-08-29 21:33:50 UTC (rev 1724)
+++ data/CAN/list 2005-08-29 23:23:30 UTC (rev 1725)
@@ -1,3 +1,5 @@
+CAN-2005-XXXX [Unspecified XSS in phpgroupware''s phpgwapi]
+ - phpgroupware 0.9.16.008-1 (unknown)
CAN-2005-XXXX [Insecure usage of popen() in Affix]
- affix (unfixed; bug filed; medium)
CAN-2005-XXXX [Insecure tempfile usage in tleds]
@@ -409,7 +411,7 @@
NOTE: not-fur-us (MidiCart)
CAN-2005-2600 (FUDForum 2.6.15 with "Tree View" enabled
allows remote attackers to ...)
- egroupware-fudforum (unfixed; bug #323928; medium)
- - phpgroupware-fudforum (unfixed; bug #323929; medium)
+ - phpgroupware 0.9.16.008-1 (bug #323929; medium)
CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption
(trivial ...)
NOTE: not-for-us (Hummingbird FTP for Connectivity)
CAN-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly
...)
@@ -817,7 +819,7 @@
CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier
(PEAR ...)
{DSA-789-1}
- drupal 4.5.5-1 (bug #323347; high)
- - phpgroupware (unfixed; bug #323349; high)
+ - phpgroupware 0.9.16.008-1 (unfixed; bug #323349; high)
- egroupware (unfixed; bug #323350; high)
TODO: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well,
should be fixed anyway
- php4 (unfixed; bug #323366; high)