776 matches found
[SECURITY] Fedora 26 Update: php-horde-nag-4.2.15-1.fc26
Nag is a web-based application built upon the Horde Application Framework which provides a simple, clean interface for managing online task lists i.e., todo lists. It also includes strong integration with the other Horde applications and allows users to share task lists or enable light-weight...
The U.S. Department of Justice is how to build a vulnerability disclosure plan framework-vulnerability warning-the black bar safety net
The U.S. Department of Justice(DOJ criminal sector of the network security division recently created the“online system vulnerability disclosure framework”, designed to help organizations develop a formal vulnerability disclosure program. ! In fact, now more and more business organizations have...
HPE Project and Portfolio Management Center Cross-Site Scripting Vulnerability
HPE Project and Portfolio Management Center PPM is a suite of solutions from Hewlett Packard Enterprise HPE that provides project executives with the visibility and strategic operational needs to make decisions based on real-time visibility into the project lifecycle of the project portfolio. A...
Elevation of Privilege Vulnerability in WSS Project Management System
WSS Project Management System is a browser-based collaborative office platform that integrates "Project Management", "Task Management", "Work Hour Management", "Work Log Management" and "Work Log Management". management" as one of the collaborative office platform. An elevation of privilege...
Zendo Project Management Software Open Source 9.1.1 SQL Injection Vulnerability
Zendo is an open source project management software. Zendo Project Management Software Open Source 9.1.1 SQL injection vulnerability exists in module\block\control.php page. Due to the lack of filtering of the 'main' parameter, allowing attackers to exploit the vulnerability to obtain sensitive...
Remote Command Execution Vulnerability in Zendo Project Management System
Zendo Project Management System is an open source project management software. A remote command execution vulnerability exists in Zendo Project Management System. It allows an attacker to remotely execute commands and gain server privileges...
Design flaws in the backend of Zendo project management software of Qingdao Easoft Tianchuang Network Technology Co.
Zendo is open source free project management software. Qingdao Easoft Tianchuang Network Technology Co., Ltd Zendo project management software backend there are design flaws vulnerabilities. Allow attackers to use the background sql query function to write webshell and gain server privileges...
ManageEngine ServiceDesk Plus 9.2 Build 9207 Information Disclosure Vulnerability
Exploit for jsp platform in category web applications Title: ManageEngine ServiceDesk Plus Low Privileged User View All Tickets Date: 18 October 2016 Author: p0z Vendor: ManageEngine Vendor Homepage: https://www.manageengine.com/ Product: ServiceDesk Plus Version: 9.2 Build 9207 Other versions...
Wrike - Project Management - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Wrike - Project Management published at the 'play' market has multiple vulnerabilities...
Arbitrary File Upload Vulnerability in Jianwen Project Management System
Jianwen project management system is a .net developed cycle management system applied to a variety of engineering projects There is an arbitrary file upload vulnerability in the Jianwen Project Management System: File upload vulnerability address:...
SQL Injection Vulnerability in Kin Man Project Management System
Jianwen project management system is a .net developed cycle management system applied to a variety of engineering projects Jianwen Project Management System suffers from SQL injection vulnerability and arbitrary file upload vulnerability: SQL injection vulnerability URL is:...
Unspecified Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management (CNVD-2016-05451)
Oracle Primavera is a set of Oracle Oracle for project-intensive industries enterprise project portfolio management EPPM solution. The solution helps organizations assess project risks and rewards, determine the resources and skills needed to get the job done, and more. A security vulnerability i...
The vulnerability of the Microsoft Project project management software allows a remote attacker to execute arbitrary code and gain control over the system.
Microsoft Project software has vulnerabilities related to errors that occur during the processing of specially crafted files. Exploiting these vulnerabilities allows a malicious attacker to execute arbitrary code and gain full control over the system...
Multiple Vulnerabilities in HPE Project and Portfolio Management Center
HPE Project and Portfolio Management Center PPM is a suite of solutions from Hewlett Packard Enterprise HPE that provides project executives with the visibility and strategic operational needs to make decisions based on real-time visibility into the project lifecycle of the project portfolio. An...
Debian Security Advisory DSA 3529-1 (redmine - security update)
Multiple vulnerabilities have been found in Redmine, a project management web application, which may result in information disclosure. OpenVAS Vulnerability Test $Id: deb3529.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3529-1 using nvtgen 1.0 Script version: 1.0...
Debian: Security Advisory (DSA-3529-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Redmine Information Disclosure Vulnerability
Redmine is a set of open source Web-based project management and defect tracking tools . An information disclosure vulnerability exists in Redmine. An attacker can exploit this vulnerability to obtain sensitive information...
用友项目管理系统设计不当可以登入获取大量敏感信息
简要描述: 用友项目管理系统设计不当可以登入获取大量敏感信息 详细说明: 用友产品缺陷管理系统使用了JIRA,对外网开放了后台访问和注册权限,导致可以任意注册用进行登录查看相关项目信息 泄露后台:http://123.103.9.112/login.jsp 注册地址:http://123.103.9.112/secure/Signup!default.jspa 漏洞证明:...
Celoxis 9.5 Cross Site Scripting
================================================================ Celoxis alert"XSS" Advisory Timeline -------------------- 08/10/2015 - Informed Vendor about Issue 08/10/2015 - Vendor responded 12/11/2015 - Reminded Vendor 14/11/2015 - Vendor responded saying 'they changed the framework itself to...
Celoxis 9.5 Cross Site Scripting Vulnerability
Celoxis versions 9.5 and below suffer from a cross site scripting vulnerability. ================================================================ Celoxis alert"XSS" Advisory Timeline -------------------- 08/10/2015 - Informed Vendor about Issue 08/10/2015 - Vendor responded 12/11/2015 - Reminded...