RSS   Vulnerabilities for 'Nulllogic groupware'   RSS

2009-07-07
 
CVE-2009-2356

CWE-119
 

 
Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.

 
 
CVE-2009-2355

CWE-189
 

 
The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service (application crash) by specifying (1) an empty string or (2) a non-numeric string when selecting a forum, related to the fmessagelist function.

 


Copyright 2024, cxsecurity.com

 

Back to Top