Lucene search
K

39 matches found

Cvelist
Cvelist
added 2011/01/07 10:0 p.m.15 views

CVE-2010-0215

ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and 1 delete an attachment or 2 subscribe to an object, via a crafted URL...

6.2AI score0.01521EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2011/01/07 12:0 a.m.7 views

PT-2011-1360 · A51 · Activecollab

Name of the Vulnerable Software and Affected Versions: ActiveCollab versions prior to 2.3.2 Description: The issue allows remote authenticated users to bypass intended access restrictions. This can lead to unauthorized actions such as deleting an attachment or subscribing to an object, which can ...

6CVSS6.1AI score0.01521EPSS
Exploits0References4
CERT
CERT
added 2010/10/04 12:0 a.m.31 views

ActiveCollab permissions failure

Overview An authenticated user can view and delete projects or files that they are not assigned to. Description An authenticated user with no permission to a project can subscribe to the project, delete files, and possibly take other actions by loading a specifically crafted URL. Specific fields...

6CVSS6.3AI score0.01521EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2010/06/25 12:0 a.m.16 views

ActiveCollab 2.3.0 Directory Traversal / Local File Inclusion

============================================================ PAINSEC SECURITY RESEARCH GROUP SECURITY ADVISORY 2010-001 - Original release date: June 24th, 2010 - Discovered by: Jose Carlos de Arriba dade at painsec dot com - Severity: 10/10 Base CVSS Score...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/06/24 12:0 a.m.22 views

ActiveCollab 2.3.0 - Local File Inclusion Directory Traversal

ActiveCollab 2.3.0 - Local File Inclusion Directory Traversal ============================================================ PAINSEC SECURITY RESEARCH GROUP SECURITY ADVISORY 2010-001 - Original release date: June 24th, 2010 - Discovered by: Jose Carlos de Arriba dade at painsec dot com - Severity:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/06/24 12:0 a.m.34 views

ActiveCollab 2.3.0 - Local File Inclusion / Directory Traversal

============================================================ PAINSEC SECURITY RESEARCH GROUP SECURITY ADVISORY 2010-001 - Original release date: June 24th, 2010 - Discovered by: Jose Carlos de Arriba dade at painsec dot com - Severity: 10/10 Base CVSS Score...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/06/18 8:54 a.m.4 views

Cross-site scripting vulnerability in activeCollab

Overview activeCollab from A51 D.O.O. contains a cross-site scripting vulnerability. activeCollab from A51 D.O.O. is software for project management. activeCollab contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the vendo...

4.3CVSS6.2AI score0.01022EPSS
Exploits0References6
NVD
NVD
added 2009/06/12 8:30 p.m.18 views

CVE-2009-2041

Cross-site scripting XSS vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772...

4.3CVSS5.6AI score0.01022EPSS
Exploits0References3
Prion
Prion
added 2009/06/12 8:30 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772...

4.3CVSS6AI score0.0164EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2009/06/12 8:7 p.m.58 views

CVE-2009-2041

CVE-2009-2041 is an XSS vulnerability in activeCollab 0.7.1 (A51 D.O.O.) allowing remote script injection via unspecified vectors. The Connected records show related entries for activeCollab 2.1 Corporate with an XSS in the re_route parameter, indicating a recurring vulnerability class in the sam...

4.3CVSS5.8AI score0.01022EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2009/06/12 8:7 p.m.19 views

CVE-2009-2041

Cross-site scripting XSS vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772...

5.6AI score0.01022EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/06/10 12:0 a.m.24 views

JVN#55752635 Cross-site scripting vulnerability in activeCollab

activeCollab from A51 D.O.O. is software for project management. activeCollab contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software According to the vendor, activeCollab 0.x is no longer being developed or...

4.3CVSS6.1AI score0.01022EPSS
Exploits0
Prion
Prion
added 2009/05/22 6:30 p.m.16 views

Design/Logic Flaw

activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid reroute parameter to the login script, which reveals the installation path in an error message...

5CVSS6.7AI score0.01877EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2009/05/22 6:30 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the reroute parameter to the login script...

4.3CVSS6AI score0.0164EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2009/05/22 6:0 p.m.18 views

CVE-2009-1773

activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid reroute parameter to the login script, which reveals the installation path in an error message...

6.2AI score0.01877EPSS
Exploits0References3
CVE
CVE
added 2009/05/22 6:0 p.m.55 views

CVE-2009-1772

CVE-2009-1772 is an XSS vulnerability in activeCollab 2.1 Corporate where the re_route parameter in the login script allows remote attackers to inject arbitrary web script or HTML. The connected documents corroborate the vector as a login-script parameter, but do not provide additional exploitati...

4.3CVSS5.8AI score0.0164EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2009/05/22 6:0 p.m.60 views

CVE-2009-1773

CVE-2009-1773 affects activeCollab 2.1 Corporate. A vulnerable path is the login script where an invalid re_route parameter causes an error message that reveals the installation path, leading to potential information disclosure. The linked sources describe this as a remote information disclosure ...

5CVSS6.4AI score0.01877EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2009/05/22 6:0 p.m.18 views

CVE-2009-1772

Cross-site scripting XSS vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the reroute parameter to the login script...

5.6AI score0.0164EPSS
Exploits0References3
securityvulns
securityvulns
added 2009/05/18 12:0 a.m.53 views

activeCollab XSS and Full Path Disclosure

activeCollab XSS and Full Path Disclosure Vuln. discovered by : r0t Date: 17 May 2009 Vendor:http://www.activecollab.com/ affected versions:2.1, corporate other versions also can be affected. orginal advisory: http://pridels-team.blogspot.com/2009/05/activecollab-xss-and-full-path.html 1.Cross-Si...

0.4AI score
Exploits0
Rows per page
Query Builder