eGroupWare is a web-based and multi-user groupware suite developed on a custom set of PHP-based APIs.
Here are some key features of "eGroupWare: Enterprise Collaboration":
· infolog (notes, to-do's, phone calls)
· content management
What's New in This Release:
· The new release fixes 2 serious security problems and many bugs, and implements SyncML 1.2
· Nahuel Grisolia from CYBSEC S.A. Security Systems found two security problems in EGroupware...
· one is a serious remote command execution (allowing arbitrary commands to be run on the web server by simply issuing an HTTP request!).
· the other a reflected cross-site scripting (XSS).
· both require NO valid EGroupware account and work without being logged in!
· All EGroupware versions are vulnerable, incl. 1.4.001+.002, 1.6.001+.002 and the commercial EPL versions 9.1+9.2!
· The problem is fixed in EGroupware's SVN (for 1.6 and trunk) and there will be a coordinated release of a new EGroupware version 1.6.003 by Stylite GmbH / EGroupware project and publication of the exploits by CYBSEC S.A. on March 9th.
· WE RECOMMEND EVERYONE UPDATES AS SOON AS POSSIBLE!