Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0403 A local file inclusion vulnerability allows remote attackers to execute arbitrary PHP code and include arbitrary local files. CVE-2010-0404 Multiple SQL injection vulnerabilities allows remote attackers to execute arbitrary SQL commands. For the stable distribution , these problems have been fixed in version 1:0.9.16.012+dfsg-8+lenny2 For the testing distribution and the unstable distribution , these problems will be fixed soon. We recommend that you upgrade your phpgroupware package.