215 matches found
CVE-2014-3246
CVE-2014-3246 affects Collabtive (1.2/1.12). A SQL injection exists in the folder parameter of the fileview_list action in manageajax.php, exploitable by authenticated users. Several connected sources document the vulnerability, including exploit notes showing the folder parameter can be manipula...
Collabtive 1.2 - Stored XSS Vulnerability
Exploit for php platform in category web applications Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected...
Collabtive 1.12 SQL Injection Vulnerability
Collabtive version 1.12 suffers from a remote SQL injection vulnerability. Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected...
Collabtive 1.12 SQL Injection
Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by: Deepak Rathore Severity: Critical...
Collabtive 1.2 - Persistent Cross-Site Scripting
Collabtive 1.2 - Persistent Cross-Site Scripting Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version:...
Collabtive 1.2 - SQL Injection
Collabtive 1.2 - SQL Injection Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by:...
Collabtive 1.2 - Persistent Cross-Site Scripting
Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by: Deepak Ratho...
Collabtive 1.2 - SQL Injection
Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by: Deepak Rathore Severity: Critical...
CVE-2013-6872
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action...
CVE-2013-6872
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action...
Sql injection
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action...
CVE-2013-6872
CVE-2013-6872 affects Collabtive prior to 1.2. It is a SQL injection in managetimetracker.php via the id parameter in a projectpdf action, exploitable by remote authenticated users. The NVD entry lists a CVSS v2 base score of 6.5 (Medium) with network access, low attack complexity, single authent...
CVE-2013-6872
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action...
Collabtive managetimetracker.php SQL注入漏洞
Collabtive是基于Web的项目管理软件。 应用程序在managetimetracker.php页面的id参数中未能验证用户提供的输入,可以导致SQL注入。 0 Collabtive 1.1 目前厂商暂无提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://collabtive.o-dyn.de/index.php Proof of Concept: URL: http://www.example.com/collabtive/managetimetracker.php?action=projectpdf&id=2 PAYLOAD:...
Collabtive 1.1 SQL Injection Vulnerability
Exploit for php platform in category web applications =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || ||...
Collabtive 1.1 - managetimetracker.php SQL Injection
Collabtive 1.1 - managetimetracker.php SQL Injection =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || ||...
Collabtive 1.1 - 'managetimetracker.php' SQL Injection
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || || Tested on Platform : Windows 7 ||...
Collabtive 1.1 SQL Injection
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || || Tested on Platform : Windows 7 ||...
Improper Access Control in Collabtive
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Collabtive, which can be exploited to gain complete control over the application. 1 Improper Access Control in Collabtive: CVE-2013-5027 The vulnerability exists due to improper access restrictions to the third installation...
Collabtive 1.0 XSS / Shell Upload / Privilege Escalation
Collabtive version 1.0 suffers from cross site scripting, remote shell upload, and arbitrary account deletion vulnerabilities. ============================================= - Release date: July 22th, 2013 - Discovered by: Enrico Cinquini - Severity: High...