215 matches found
CVE-2008-6947
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that 1 submit or edit a new project, or 2 upload files to a project, or 3 attach files to messages via unknown vectors. NOTE: these issue...
Cross site scripting
Cross-site scripting XSS vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php...
CVE-2008-6947
CVE-2008-6947 affects Collabtive 0.4.8. The vulnerability allows remote attackers to bypass authentication and create new users (including administrators) through an unspecified vector related to the added mode in a users action to admin.php. The connected sources (NVD, CVE listings, and related ...
CVE-2008-6949
CVE-2008-6949 affects Collabtive 0.4.8 with multiple CSRF vulnerabilities that let an attacker hijack administrator authentication to perform actions such as submitting or editing a project, uploading files to a project, or attaching files to messages. The issues may be leveraged with other vulne...
CVE-2008-6948
Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to 1 the showproject acti...
CVE-2008-6949
Multiple cross-site request forgery CSRF vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that 1 submit or edit a new project, or 2 upload files to a project, or 3 attach files to messages via unknown vectors. NOTE: these issue...
CVE-2008-6946
CVE-2008-6946 describes a cross-site scripting (XSS) vulnerability in Collabtive 0.4.8. The issue affects manageproject.php where the project name is not properly sanitized during an admin editform action, enabling user-assisted remote attackers to inject arbitrary web script or HTML. The core de...
CVE-2008-6947
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php...
CVE-2008-6948
The CVE-2008-6948 entry describes an Unrestricted file upload vulnerability in Collabtive 0.4.8. A remote authenticated user can upload a file with an executable extension and a text/plain MIME type, then access it via a direct request to the file in the files/ directory to execute arbitrary code...
Collabtive 0.4.8 (XSS/Auth Bypass/Upload) Multiple Vulnerabilities
No description provided by source. Collabtive 0.4.8 Multiple Vulnerabilities Name Multiple Vulnerabilities in Collabtive Systems Affected Collabtive 0.4.8 and possibly earlier versions Severity High Impact CVSSv2 High 8/10, vector: AV:N/AC:L/Au:S/C:P/I:C/A:P Vendor http://collabtive.o-dyn.de/...
Collabtive 0.4.8 Multiple Vulnerabilities
Collabtive 0.4.8 Multiple Vulnerabilities Name Multiple Vulnerabilities in Collabtive Systems Affected Collabtive 0.4.8 and possibly earlier versions Severity High Impact CVSSv2 High 8/10, vector: AV:N/AC:L/Au:S/C:P/I:C/A:P Vendor http://collabtive.o-dyn.de/ Advisory...
Collabtive 0.4.8 (XSS/Auth Bypass/Upload) Multiple Vulnerabilities
Exploit for unknown platform in category web applications ================================================================== Collabtive 0.4.8 XSS/Auth Bypass/Upload Multiple Vulnerabilities ================================================================== Collabtive 0.4.8 Multiple Vulnerabilitie...
Collabtive 0.4.8 - Cross-Site Scripting Authentication Bypass Arbitrary File Upload
Collabtive 0.4.8 - Cross-Site Scripting Authentication Bypass Arbitrary File Upload Collabtive 0.4.8 Multiple Vulnerabilities Name Multiple Vulnerabilities in Collabtive Systems Affected Collabtive 0.4.8 and possibly earlier versions Severity High Impact CVSSv2 High 8/10, vector:...
Collabtive 0.4.8 - Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload
Collabtive 0.4.8 Multiple Vulnerabilities Name Multiple Vulnerabilities in Collabtive Systems Affected Collabtive 0.4.8 and possibly earlier versions Severity High Impact CVSSv2 High 8/10, vector: AV:N/AC:L/Au:S/C:P/I:C/A:P Vendor http://collabtive.o-dyn.de/ Advisory...