← Back

Netoffice

netoffice

2 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Netoffice
netoffice
1 CVE
Dwins
dwins
1 CVE

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2008-2044
1Netoffice
1Dwins
Apr 23, 2026
May 1, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitr...Show more
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php.Show less
CVE-2006-1495
2Netoffice
Phpcollab
2Netoffice
Phpcollab
Apr 16, 2026
Mar 30, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in t...Show more
SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option.Show less