Lucene search
+L

215 matches found

CVE
CVE
added 2014/05/13 2:0 p.m.62 views

CVE-2014-3246

CVE-2014-3246 affects Collabtive (1.2/1.12). A SQL injection exists in the folder parameter of the fileview_list action in manageajax.php, exploitable by authenticated users. Several connected sources document the vulnerability, including exploit notes showing the folder parameter can be manipula...

6.5CVSS8AI score0.01333EPSS
Exploits6References2Affected Software1
0day.today
0day.today
added 2014/05/12 12:0 a.m.42 views

Collabtive 1.2 - Stored XSS Vulnerability

Exploit for php platform in category web applications Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected...

4.3CVSS6.5AI score0.01736EPSS
Exploits5
0day.today
0day.today
added 2014/05/08 12:0 a.m.43 views

Collabtive 1.12 SQL Injection Vulnerability

Collabtive version 1.12 suffers from a remote SQL injection vulnerability. Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected...

6.5CVSS0.6AI score0.01333EPSS
Exploits6
Packet Storm
Packet Storm
added 2014/05/08 12:0 a.m.40 views

Collabtive 1.12 SQL Injection

Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by: Deepak Rathore Severity: Critical...

6.5CVSS0.4AI score0.01333EPSS
Exploits6
exploitpack
exploitpack
added 2014/05/08 12:0 a.m.48 views

Collabtive 1.2 - Persistent Cross-Site Scripting

Collabtive 1.2 - Persistent Cross-Site Scripting Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version:...

4.3CVSS6.2AI score0.01736EPSS
Exploits5
exploitpack
exploitpack
added 2014/05/08 12:0 a.m.47 views

Collabtive 1.2 - SQL Injection

Collabtive 1.2 - SQL Injection Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by:...

6.5CVSS0.4AI score0.01333EPSS
Exploits6
Exploit DB
Exploit DB
added 2014/05/08 12:0 a.m.33 views

Collabtive 1.2 - Persistent Cross-Site Scripting

Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by: Deepak Ratho...

4.3CVSS6.6AI score0.01736EPSS
Exploits5
Exploit DB
Exploit DB
added 2014/05/08 12:0 a.m.35 views

Collabtive 1.2 - SQL Injection

Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by: Deepak Rathore Severity: Critical...

6.5CVSS6.8AI score0.01333EPSS
Exploits6
NVD
NVD
added 2014/01/21 3:17 p.m.28 views

CVE-2013-6872

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action...

6.5CVSS7.8AI score0.02458EPSS
Exploits2References6
UbuntuCve
UbuntuCve
added 2014/01/21 3:17 p.m.40 views

CVE-2013-6872

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action...

6.5CVSS6.2AI score0.02458EPSS
Exploits2References3
Prion
Prion
added 2014/01/21 3:17 p.m.29 views

Sql injection

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action...

6.5CVSS8.5AI score0.02458EPSS
Exploits2References6Affected Software1
CVE
CVE
added 2014/01/21 3:0 p.m.51 views

CVE-2013-6872

CVE-2013-6872 affects Collabtive prior to 1.2. It is a SQL injection in managetimetracker.php via the id parameter in a projectpdf action, exploitable by remote authenticated users. The NVD entry lists a CVSS v2 base score of 6.5 (Medium) with network access, low attack complexity, single authent...

6.5CVSS8.1AI score0.02458EPSS
Exploits2References6Affected Software1
Cvelist
Cvelist
added 2014/01/21 3:0 p.m.30 views

CVE-2013-6872

SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action...

7.8AI score0.02458EPSS
Exploits2References6
seebug.org
seebug.org
added 2014/01/16 12:0 a.m.11 views

Collabtive managetimetracker.php SQL注入漏洞

Collabtive是基于Web的项目管理软件。 应用程序在managetimetracker.php页面的id参数中未能验证用户提供的输入,可以导致SQL注入。 0 Collabtive 1.1 目前厂商暂无提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://collabtive.o-dyn.de/index.php Proof of Concept: URL: http://www.example.com/collabtive/managetimetracker.php?action=projectpdf&id=2 PAYLOAD:...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/01/15 12:0 a.m.22 views

Collabtive 1.1 SQL Injection Vulnerability

Exploit for php platform in category web applications =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || ||...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2014/01/15 12:0 a.m.15 views

Collabtive 1.1 - managetimetracker.php SQL Injection

Collabtive 1.1 - managetimetracker.php SQL Injection =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || ||...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/01/15 12:0 a.m.21 views

Collabtive 1.1 - 'managetimetracker.php' SQL Injection

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || || Tested on Platform : Windows 7 ||...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/01/14 12:0 a.m.41 views

Collabtive 1.1 SQL Injection

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || || Tested on Platform : Windows 7 ||...

6.5CVSS0.1AI score0.02458EPSS
Exploits2
htbridge
htbridge
added 2013/07/31 12:0 a.m.37 views

Improper Access Control in Collabtive

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Collabtive, which can be exploited to gain complete control over the application. 1 Improper Access Control in Collabtive: CVE-2013-5027 The vulnerability exists due to improper access restrictions to the third installation...

7.5CVSS9.2AI score0.01253EPSS
Exploits1Affected Software1
0day.today
0day.today
added 2013/07/23 12:0 a.m.27 views

Collabtive 1.0 XSS / Shell Upload / Privilege Escalation

Collabtive version 1.0 suffers from cross site scripting, remote shell upload, and arbitrary account deletion vulnerabilities. ============================================= - Release date: July 22th, 2013 - Discovered by: Enrico Cinquini - Severity: High...

7.2AI score
Exploits0
Rows per page
Query Builder