147 matches found
Achievo 1.4.5 - Multiple Vulnerabilities (2)
Achievo 1.4.5 - Multiple Vulnerabilities 2 Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89,...
Achievo 1.4.5 - Multiple Vulnerabilities (2)
Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...
Achievo 1.4.5 Cross Site Scripting / SQL Injection
Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...
Achievo 1.4.5 Cross Site Scripting / SQL Injection Vulnerabilities
Achievo version 1.4.5 suffers from cross site scripting and remote SQL injection vulnerabilities. Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability...
Multiple vulnerabilities in Achievo
High-Tech Bridge Security Research Lab discovered two vulnerabilities in Achievo, which can be exploited to perform SQL injection and cross-site scripting XSS attacks. 1 SQL Injection vulnerability in Achievo: CVE-2012-5865 The vulnerability was discovered in the "dispatch.php" script while...
Achievo 1.4.5 LFI
Local file include vulnerability in Achievo Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
Achievo 1.4.5 - Multiple Vulnerabilities (1)
Achievo 1.4.5 - Multiple Vulnerabilities 1 Information -------------------- Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo Software : Achievo 1.4.5 and possibly below. Vendor Homepage : http://www.achievo.org Vulnerability Type : Cross-Site Scripting, Local File Inclusion and SQL...
Achievo 1.4.5 XSS / LFI / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Information -------------------- Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo Software : Achievo 1.4.5 and possibly below. Vendor Homepage : http://www.achievo.org Vulnerability Type : Cross-Site Scripting, Local File Inclusion...
Achievo 1.4.5 - Multiple Vulnerabilities (1)
Information -------------------- Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo Software : Achievo 1.4.5 and possibly below. Vendor Homepage : http://www.achievo.org Vulnerability Type : Cross-Site Scripting, Local File Inclusion and SQL Injection Severity : Critical Researcher :...
Achievo 1.4.5 XSS / LFI / SQL Injection
Information -------------------- Name : XSS, LFI and SQL Injection Vulnerabilities in Achievo Software : Achievo 1.4.5 and possibly below. Vendor Homepage : http://www.achievo.org Vulnerability Type : Cross-Site Scripting, Local File Inclusion and SQL Injection Severity : Critical Researcher :...
Achievo 1.4.3 Cross Site Scripting / SQL Injection
Title: ====== Achievo v1.4.3 - Multiple Web Vulnerabilities Date: ===== 2012-01-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=403 VL-ID: ===== 403 Introduction: ============= Achievo is a flexible web-based resource management tool for business environments. Achiev...
Achievo 1.4.3 - Multiple Web Vulnerabilities
Achievo 1.4.3 - Multiple Web Vulnerabilities Title: ====== Achievo v1.4.3 - Multiple Web Vulnerabilities Date: ===== 2012-01-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=403 VL-ID: ===== 403 Introduction: ============= Achievo is a flexible web-based resource...
Achievo 1.4.3 - Multiple Web Vulnerabilities
Title: ====== Achievo v1.4.3 - Multiple Web Vulnerabilities Date: ===== 2012-01-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=403 VL-ID: ===== 403 Introduction: ============= Achievo is a flexible web-based resource management tool for business environments. Achiev...
Achievo v1.4.3 - Multiple Web Vulnerabilities
Document Title: =============== Achievo v1.4.3 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=403 http://www.cnnvd.org.cn/vulnerability/show/cvid/2012020060 ID: CNNVD-201202-060 Release Date: ============= 2012-01-29...
Achievo v1.4.3 - Multiple Web Vulnerabilities
Document Title: =============== Achievo v1.4.3 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=403 http://www.cnnvd.org.cn/vulnerability/show/cvid/2012020060 ID: CNNVD-201202-060 Release Date: ============= 2012-01-29...
CVE-2011-3697
Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraphradar.php and certain other files...
CVE-2011-3697
Achievo 1.4.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/graph/jpgraph/jpgraphradar.php and certain other files...
CVE-2011-3697
Achievo 1.4.5 is affected by CVE-2011-3697. Affected component: PHP files (e.g., modules/graph/jpgraph/jpgraph_radar.php) that reveal the installation path via an error message when a direct request is made. This is an information-disclosure flaw allowing remote attackers to obtain sensitive path...
Achievo跨站请求伪造和绕过安全限制漏洞
BUGTRAQ ID: 43544 Achievo是一款基于WEB的用于商业环境的项目管理工具。 Achievo没有正确地验证用户所提供URL中的confirm参数,已登录用户受骗跟随了恶意链接就可能导致未经确认便删除项目或任务;此外Time Registration模块在添加或删除项目时间时没有正确地处理访问权限,用户可以非授权添加或删除其他用户的时间。 Achievo = 1.4.3 厂商补丁: Achievo ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.achievo.org...
Achievo 1.4.3 - Cross-Site Request Forgery
Achievo 1.4.3 - Cross-Site Request Forgery Advisory Name: Cross Site Request Forgery in Achievo 1.4.3 Internal Cybsec Advisory Id: 2010-08-03 Vulnerability Class: Cross Site Request Forgery Release Date: 2010-Sept-28 Affected Applications: Achievo 1.4.3 other versions may be also vulnerable...