5 matches found
Debian DSA-1945-1 : gforge - symlink attack
Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files. For the oldstable distribution (etch), this problem has been fixed in version 4.5.14-22etch13...
CVE-2009-3303
CVE-2009-3303 affects GForge and its help/tracker.php script. Versions 4.5.14, 4.7 rc2, and 4.8.1 are vulnerable to a cross-site scripting (XSS) flaw via the helpname parameter due to insufficient input sanitising. The issue allows remote attackers to inject arbitrary HTML/script content into a u...
Debian DSA-1818-1 : gforge - insufficient input sanitising
Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to...
Debian Security Advisory DSA 1698-1 (gforge)
The remote host is missing an update to gforge announced via advisory DSA 1698-1. OpenVAS Vulnerability Test $Id: deb16981.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1698-1 gforge Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
DSA-1698-1 gforge - SQL injection
Bulletin has no description...