39 matches found
CVE-2010-0215
ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and 1 delete an attachment or 2 subscribe to an object, via a crafted URL...
PT-2011-1360 · A51 · Activecollab
Name of the Vulnerable Software and Affected Versions: ActiveCollab versions prior to 2.3.2 Description: The issue allows remote authenticated users to bypass intended access restrictions. This can lead to unauthorized actions such as deleting an attachment or subscribing to an object, which can ...
ActiveCollab permissions failure
Overview An authenticated user can view and delete projects or files that they are not assigned to. Description An authenticated user with no permission to a project can subscribe to the project, delete files, and possibly take other actions by loading a specifically crafted URL. Specific fields...
ActiveCollab 2.3.0 Directory Traversal / Local File Inclusion
============================================================ PAINSEC SECURITY RESEARCH GROUP SECURITY ADVISORY 2010-001 - Original release date: June 24th, 2010 - Discovered by: Jose Carlos de Arriba dade at painsec dot com - Severity: 10/10 Base CVSS Score...
ActiveCollab 2.3.0 - Local File Inclusion Directory Traversal
ActiveCollab 2.3.0 - Local File Inclusion Directory Traversal ============================================================ PAINSEC SECURITY RESEARCH GROUP SECURITY ADVISORY 2010-001 - Original release date: June 24th, 2010 - Discovered by: Jose Carlos de Arriba dade at painsec dot com - Severity:...
ActiveCollab 2.3.0 - Local File Inclusion / Directory Traversal
============================================================ PAINSEC SECURITY RESEARCH GROUP SECURITY ADVISORY 2010-001 - Original release date: June 24th, 2010 - Discovered by: Jose Carlos de Arriba dade at painsec dot com - Severity: 10/10 Base CVSS Score...
Cross-site scripting vulnerability in activeCollab
Overview activeCollab from A51 D.O.O. contains a cross-site scripting vulnerability. activeCollab from A51 D.O.O. is software for project management. activeCollab contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the vendo...
CVE-2009-2041
Cross-site scripting XSS vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772...
Cross site scripting
Cross-site scripting XSS vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772...
CVE-2009-2041
CVE-2009-2041 is an XSS vulnerability in activeCollab 0.7.1 (A51 D.O.O.) allowing remote script injection via unspecified vectors. The Connected records show related entries for activeCollab 2.1 Corporate with an XSS in the re_route parameter, indicating a recurring vulnerability class in the sam...
CVE-2009-2041
Cross-site scripting XSS vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772...
JVN#55752635 Cross-site scripting vulnerability in activeCollab
activeCollab from A51 D.O.O. is software for project management. activeCollab contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software According to the vendor, activeCollab 0.x is no longer being developed or...
Design/Logic Flaw
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid reroute parameter to the login script, which reveals the installation path in an error message...
Cross site scripting
Cross-site scripting XSS vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the reroute parameter to the login script...
CVE-2009-1773
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid reroute parameter to the login script, which reveals the installation path in an error message...
CVE-2009-1772
CVE-2009-1772 is an XSS vulnerability in activeCollab 2.1 Corporate where the re_route parameter in the login script allows remote attackers to inject arbitrary web script or HTML. The connected documents corroborate the vector as a login-script parameter, but do not provide additional exploitati...
CVE-2009-1773
CVE-2009-1773 affects activeCollab 2.1 Corporate. A vulnerable path is the login script where an invalid re_route parameter causes an error message that reveals the installation path, leading to potential information disclosure. The linked sources describe this as a remote information disclosure ...
CVE-2009-1772
Cross-site scripting XSS vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the reroute parameter to the login script...
activeCollab XSS and Full Path Disclosure
activeCollab XSS and Full Path Disclosure Vuln. discovered by : r0t Date: 17 May 2009 Vendor:http://www.activecollab.com/ affected versions:2.1, corporate other versions also can be affected. orginal advisory: http://pridels-team.blogspot.com/2009/05/activecollab-xss-and-full-path.html 1.Cross-Si...