Gentoo Linux Security Advisory 201711-12 - Multiple vulnerabilities have been found in eGroupWare, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.8.004.20120613 are affected.
37744d37c65dfee73209d39dfc358adb6757ead24256f4aed09c5774cf263a63
Mandriva Linux Security Advisory 2015-087 - eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize() method. eGroupWare before 1.8.007 allows logged in users with administrative privileges to remotely execute arbitrary commands on the server. It is also vulnerable to a cross site request forgery vulnerability that allows creating new administrative users.
574fe6d4c54586156bb4f27078d034bf2e81e5dc942e3eff6ea39230993dfeca
Egroupware versions 1.8.005 and below suffer from a PHP object insertion vulnerability that can allow for arbitrary file deletion and possibly code execution.
6acf0c7bb78bf16c4e7a80bf94295df8ed76adf8b9f716ddf1396c8f075f25e8