215 matches found
Collabtive 2.0 Shell Upload
Vulnerability title: Arbitrary File Upload In Collabtive CVE: CVE-2015-0258 Vendor: Collabtive Product: Collabtive Affected version: 2.0 Fixed version: 2.1 Reported by: Arturo Rodriguez Details: It was discovered that authenticated users were able to upload files with extensions: php3, php4, php5...
Collabtive 2.0 Cross Site Scripting
Affected software: collabtive Type of vulnerability: stored xss URL: http://www.collabtive.o-dyn.de/ Discovered by: Provensec Website: http://www.provensec.com Description: collabtive stored xss version:2.0 Proof of concept goto Collabtive add new project with xss payload and save it javascript...
COLLABTIVE Cloud Service Detection
Binary data 8439.prm...
Collabtive 0.65 - Multiple Vulnerabilities
No description provided by source. ANATOLIA SECURITY ADVISORY ------------------------------------ ADVISORY INFO + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 + Impact...
Collabtive 1.2 - SQL Injection
No description provided by source. Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by...
Collabtive SQL Injection Vulnerability
No description provided by source. ANATOLIA SECURITY ADVISORY --------------------------- ADVISORY INFO + Title: Collabtive SQL Injection Vulnerability + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-004.txt + Advisory ID: 2010-004 + Version: 0.65 + Date: 12/10/2010 + Impact:...
Collabtive 0.6.3 - Multiple Vulnerabilities
No description provided by source...
Collabtive 1.1 (managetimetracker.php, id param) - SQL Injection
No description provided by source. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || || Tested on Platform...
Collabtive 1.0 (manageuser.php, task param) - SQL Injection Vulnerability
No description provided by source. Exploit Title: Collabtive 1.0 SQLi Date: 06/17/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/collabtive-10-sqli.html Vendor homepage: http://collabtive.o-dyn.de/ Software link:...
Collabtive 1.2 - Stored XSS
No description provided by source. Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed...
Collabtive 1.2 /class.project.php 跨站脚本漏洞
No description provided by source...
CVE-2014-3247
Cross-site scripting XSS vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project addpro action to admin.php...
Cross site scripting
Cross-site scripting XSS vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project addpro action to admin.php...
CVE-2014-3247
Cross-site scripting XSS vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project addpro action to admin.php...
CVE-2014-3247
Cross-site scripting XSS vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project addpro action to admin.php...
CVE-2014-3247
Collabtive 1.2 contains a Stored XSS in the Add Project (admin.php?action=addpro) path. The desc parameter value is copied into the HTML document as plain text between tags, allowing arbitrary JavaScript execution. Affected product/version: Collabtive 1.12; fixed in version 2.0. Impact: authentic...
CVE-2014-3246
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileviewlist action to manageajax.php...
CVE-2014-3246
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileviewlist action to manageajax.php...
Sql injection
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileviewlist action to manageajax.php...
CVE-2014-3246
CVE-2014-3246 affects Collabtive (1.2/1.12). A SQL injection exists in the folder parameter of the fileview_list action in manageajax.php, exploitable by authenticated users. Several connected sources document the vulnerability, including exploit notes showing the folder parameter can be manipula...