
Test ID: 1.3.6.1.4.1.25623.1.0.800907
Category: Web application abuses
Title: NullLogic Groupware <= 1.2.7 Multiple Vulnerabilities (Linux)
Summary: NullLogic Groupware is prone to multiple vulnerabilities. This VT has been merged into the VT 'NullLogic Groupware <= 1.2.7 Multiple Vulnerabilities' (OID: 1.3.6.1.4.1.25623.1.0.800906).
Description:
Summary:
NullLogic Groupware is prone to multiple
vulnerabilities.

This VT has been merged into the VT 'NullLogic Groupware <= 1.2.7 Multiple
Vulnerabilities' (OID: 1.3.6.1.4.1.25623.1.0.800906).

Vulnerability Insight:
Multiple flaws exist because:

- The 'auth_checkpass' function in the login page does not validate the input passed
in the username parameter.

- An error occurs in the 'fmessagelist' function in the forum module when processing a group
name that contains a non-numeric string or is an empty string.

- Multiple stack-based buffer overflows occur in the 'pgsqlQuery' function while
processing malicious input to the POP3, SMTP or web component that triggers a long SQL query
when PostgreSQL is used.

Vulnerability Impact:
Attackers can exploit this issue to execute arbitrary
SQL queries in the context of the affected application, and can cause a buffer overflow or
a denial of service.

Affected Software/OS:
NullLogic Groupware 1.2.7 and prior.

Solution:
No known solution was made available for at least one
year since the disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features,
remove the product or replace the product by another one.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 35606
Common Vulnerability Exposure (CVE) ID: CVE-2009-2354
Bugtraq: 20090706 High security hole in NullLogic Groupware (Google Search)
http://www.securityfocus.com/archive/1/504737/100/0/threaded
http://www.nth-dimension.org.uk/utils/get.php?downloadsid=55
http://www.vupen.com/english/advisories/2009/1817
Common Vulnerability Exposure (CVE) ID: CVE-2009-2355
Common Vulnerability Exposure (CVE) ID: CVE-2009-2356
Copyright: Copyright (C) 2009 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.