Lucene search
+L

147 matches found

exploitpack
exploitpack
added 2012/12/09 12:0 a.m.80 views

Achievo 1.4.5 - Multiple Vulnerabilities (2)

Achievo 1.4.5 - Multiple Vulnerabilities 2 Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89,...

6.5CVSS0.5AI score0.01201EPSS
Exploits7
Exploit DB
Exploit DB
added 2012/12/09 12:0 a.m.54 views

Achievo 1.4.5 - Multiple Vulnerabilities (2)

Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...

6.5CVSS6.4AI score0.01201EPSS
Exploits7
Packet Storm
Packet Storm
added 2012/12/07 12:0 a.m.54 views

Achievo 1.4.5 Cross Site Scripting / SQL Injection

Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...

6.5CVSS0.5AI score0.01201EPSS
Exploits7
0day.today
0day.today
added 2012/12/07 12:0 a.m.72 views

Achievo 1.4.5 Cross Site Scripting / SQL Injection Vulnerabilities

Achievo version 1.4.5 suffers from cross site scripting and remote SQL injection vulnerabilities. Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability...

6.5CVSS0.6AI score0.01201EPSS
Exploits7
htbridge
htbridge
added 2012/11/14 12:0 a.m.35 views

Multiple vulnerabilities in Achievo

High-Tech Bridge Security Research Lab discovered two vulnerabilities in Achievo, which can be exploited to perform SQL injection and cross-site scripting XSS attacks. 1 SQL Injection vulnerability in Achievo: CVE-2012-5865 The vulnerability was discovered in the "dispatch.php" script while...

4.3CVSS1.2AI score0.01201EPSS
Exploits7Affected Software1
Dsquare
Dsquare
added 2012/11/09 12:0 a.m.35 views

Achievo 1.4.5 LFI

Local file include vulnerability in Achievo Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...

6.5CVSS0.9AI score0.01123EPSS
Exploits6References2
exploitpack
exploitpack
added 2012/11/02 12:0 a.m.24 views

Achievo 1.4.5 - Multiple Vulnerabilities (1)

Achievo 1.4.5 - Multiple Vulnerabilities 1 Information -------------------- Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo Software : Achievo 1.4.5 and possibly below. Vendor Homepage : http://www.achievo.org Vulnerability Type : Cross-Site Scripting, Local File Inclusion and SQL...

0.3AI score
Exploits0
0day.today
0day.today
added 2012/11/02 12:0 a.m.28 views

Achievo 1.4.5 XSS / LFI / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Information -------------------- Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo Software : Achievo 1.4.5 and possibly below. Vendor Homepage : http://www.achievo.org Vulnerability Type : Cross-Site Scripting, Local File Inclusion...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2012/11/02 12:0 a.m.33 views

Achievo 1.4.5 - Multiple Vulnerabilities (1)

Information -------------------- Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo Software : Achievo 1.4.5 and possibly below. Vendor Homepage : http://www.achievo.org Vulnerability Type : Cross-Site Scripting, Local File Inclusion and SQL Injection Severity : Critical Researcher :...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2012/11/01 12:0 a.m.35 views

Achievo 1.4.5 XSS / LFI / SQL Injection

Information -------------------- Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo Software : Achievo 1.4.5 and possibly below. Vendor Homepage : http://www.achievo.org Vulnerability Type : Cross-Site Scripting, Local File Inclusion and SQL Injection Severity : Critical Researcher :...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2012/02/03 12:0 a.m.32 views

Achievo 1.4.3 Cross Site Scripting / SQL Injection

Title: ====== Achievo v1.4.3 - Multiple Web Vulnerabilities Date: ===== 2012-01-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=403 VL-ID: ===== 403 Introduction: ============= Achievo is a flexible web-based resource management tool for business environments. Achiev...

0.7AI score
Exploits0
exploitpack
exploitpack
added 2012/02/02 12:0 a.m.21 views

Achievo 1.4.3 - Multiple Web Vulnerabilities

Achievo 1.4.3 - Multiple Web Vulnerabilities Title: ====== Achievo v1.4.3 - Multiple Web Vulnerabilities Date: ===== 2012-01-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=403 VL-ID: ===== 403 Introduction: ============= Achievo is a flexible web-based resource...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2012/02/02 12:0 a.m.35 views

Achievo 1.4.3 - Multiple Web Vulnerabilities

Title: ====== Achievo v1.4.3 - Multiple Web Vulnerabilities Date: ===== 2012-01-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=403 VL-ID: ===== 403 Introduction: ============= Achievo is a flexible web-based resource management tool for business environments. Achiev...

7.4AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2012/01/29 12:0 a.m.32 views

Achievo v1.4.3 - Multiple Web Vulnerabilities

Document Title: =============== Achievo v1.4.3 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=403 http://www.cnnvd.org.cn/vulnerability/show/cvid/2012020060 ID: CNNVD-201202-060 Release Date: ============= 2012-01-29...

7.1AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2012/01/29 12:0 a.m.14 views

Achievo v1.4.3 - Multiple Web Vulnerabilities

Document Title: =============== Achievo v1.4.3 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=403 http://www.cnnvd.org.cn/vulnerability/show/cvid/2012020060 ID: CNNVD-201202-060 Release Date: ============= 2012-01-29...

0.4AI score
Exploits0
NVD
NVD
added 2011/09/23 11:55 p.m.16 views

CVE-2011-3697

Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraphradar.php and certain other files...

5CVSS6.1AI score0.01335EPSS
Exploits1References3
Cvelist
Cvelist
added 2011/09/23 11:0 p.m.21 views

CVE-2011-3697

Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraphradar.php and certain other files...

6.1AI score0.01335EPSS
Exploits1References3
CVE
CVE
added 2011/09/23 11:0 p.m.44 views

CVE-2011-3697

Achievo 1.4.5 is affected by CVE-2011-3697. Affected component: PHP files (e.g., modules/graph/jpgraph/jpgraph_radar.php) that reveal the installation path via an error message when a direct request is made. This is an information-disclosure flaw allowing remote attackers to obtain sensitive path...

5CVSS6.3AI score0.01335EPSS
Exploits1References3Affected Software1
seebug.org
seebug.org
added 2010/09/30 12:0 a.m.11 views

Achievo跨站请求伪造和绕过安全限制漏洞

BUGTRAQ ID: 43544 Achievo是一款基于WEB的用于商业环境的项目管理工具。 Achievo没有正确地验证用户所提供URL中的confirm参数,已登录用户受骗跟随了恶意链接就可能导致未经确认便删除项目或任务;此外Time Registration模块在添加或删除项目时间时没有正确地处理访问权限,用户可以非授权添加或删除其他用户的时间。 Achievo = 1.4.3 厂商补丁: Achievo ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.achievo.org...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2010/09/28 12:0 a.m.26 views

Achievo 1.4.3 - Cross-Site Request Forgery

Achievo 1.4.3 - Cross-Site Request Forgery Advisory Name: Cross Site Request Forgery in Achievo 1.4.3 Internal Cybsec Advisory Id: 2010-08-03 Vulnerability Class: Cross Site Request Forgery Release Date: 2010-Sept-28 Affected Applications: Achievo 1.4.3 other versions may be also vulnerable...

1AI score
Exploits0
Rows per page
Query Builder