Lucene search
+L

776 matches found

CNVD
CNVD
added 2015/07/31 12:0 a.m.6 views

SO Planning SQL Injection Vulnerability

SO Planning is a free and open source set of online project production and management tools. SO Planning is vulnerable to a SQL injection vulnerability. The vulnerability is due to the program failing to adequately filter user-submitted input before constructing SQL query statements. An attacker...

9.8CVSS8AI score0.11938EPSS
Exploits5References1
CNVD
CNVD
added 2015/07/31 12:0 a.m.6 views

SO Planning Path Traversal Vulnerability

SO Planning is a free and open source set of online project production and management tools. SO Planning suffers from a path traversal vulnerability. An attacker can exploit this vulnerability to detect arbitrary remote files...

5.3CVSS7.1AI score0.40779EPSS
Exploits4References1
exploitpack
exploitpack
added 2015/07/13 12:0 a.m.87 views

SO Planning 1.32 - Multiple Vulnerabilities

SO Planning 1.32 - Multiple Vulnerabilities SOPlanning - Simple Online Planning Tool multiple vulnerabilities CVEs: CVE-2014-8673, CVE-2014-8674, CVE-2014-8675, CVE-2014-8676, CVE-2014-8677 Vendor: http://www.soplanning.org/ Product: SOPlanning - Simple Online Planning Version affected: 1.32 and...

7.5CVSS0.40779EPSS
Exploits7
Check Point Advisories
Check Point Advisories
added 2014/12/28 12:0 a.m.15 views

Microsoft Office Project Memory Validation Remote Code Execution (MS09-074) - Ver2 (CVE-2009-0102)

Microsoft Project is a project management software program designed to assist project managers to stay informed, keep project teams aligned, increase productivity and control project work, schedules, and finances. A remote code execution vulnerability has been identified in the way Microsoft...

9.3CVSS2.1AI score0.23504EPSS
Exploits1
seebug.org
seebug.org
added 2014/11/21 12:0 a.m.27 views

WSS项目管理系统越权修改信息密码

简要描述: 再也不用担心老大给任务了 详细说明: 公司一直用的是wss 1.3.2 无聊中想去看看这个有没有洞 明天要上班,大晚上的也不想去分析代码了,就用黑盒去试了一试 在用户这个地方,每个用户都有一个recordID 用自己公司的wss来做示范,当然是用基友的账号了,老大的可不敢动 先问一下基友的密码是多少 然后去修改自己的资料 抓包,将自己的ID改成基友的ID,他的ID是11,我的是14 改成六个2之后提示修改正确,然后去登陆看看 登陆成功! 然后我去告诉他之后,唉。 img s...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/11/07 12:0 a.m.46 views

JExperts Tecnologia / Channel Software Multiple Vulnerabilities

JExperts Tecnologia / Channel software version 5.0.33CCB allows for authorization bypass / privilege escalation via tampering with parameters in the GET request and a cross site scripting vulnerability. CVE-2014-8558 - JExperts Tecnologia / Channel Software Escalation Access Issues Vendor Notifie...

6.5CVSS6.6AI score0.01854EPSS
Exploits5
Packet Storm
Packet Storm
added 2014/09/24 12:0 a.m.18 views

insight.ly Cross Site Scripting

Author:Provensec Vendor: insight.ly Vulnerability Type:persistent xss Discription: Integrated online customer relationship management CRM and project management makes sure you are on top of critical business processes. Exploit: 1 Goto add contacts 2 Fill the work address field with xss payload...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

qdPM 7 - Arbitrary File upload

No description provided by source. Exploit qdPM v.7 Arbitrary File upload Date: June 13th 2012 Author: loneferret Version: 7 Vendor Url: http://qdpm.net/ Tested on: Winddows XP / XAMPP Discovered by: loneferret Software description: Free project management tool for small team qdPM is a free...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

netOffice Dwins <= 1.4p3 SQL Injection Vulnerability

No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ posdubatgmail.com 2012-11-08 netOffice Dwins = 1.4p3 SQL Injection Vulnerability Script: netOffice Dwins is a free w...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

PHP Project Management <= 0.8.10 Multiple RFI / LFI Vulnerabilities

No description provided by source. PHP Project Management = 0.8.10 Multiple RFI / LFI Vulnerabilities http://surfnet.dl.sourceforge.net/sourceforge/php-pm/release-0.8.tar.gz DORK : PHP Project Management 0.8.10 POC : RFI /modules/certinfo/index.php?fullpath=http://localhost/shell.txt?...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Collabtive 0.65 - Multiple Vulnerabilities

No description provided by source. ANATOLIA SECURITY ADVISORY ------------------------------------ ADVISORY INFO + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 + Impact...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Collabtive SQL Injection Vulnerability

No description provided by source. ANATOLIA SECURITY ADVISORY --------------------------- ADVISORY INFO + Title: Collabtive SQL Injection Vulnerability + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-004.txt + Advisory ID: 2010-004 + Version: 0.65 + Date: 12/10/2010 + Impact:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

dotproject <= 2.1.6 - Remote File Inclusion Vulnerability

No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ posdubatgmail.com 2012-11-13 dotProject = 2.1.6 Remote File Inclusion Vulnerability Script: PHP web-based project...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Collabtive 1.1 (managetimetracker.php, id param) - SQL Injection

No description provided by source. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || || Tested on Platform...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.34 views

Collabtive 1.2 - Stored XSS

No description provided by source. Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed...

4.3CVSS6.5AI score0.01736EPSS
Exploits5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.33 views

Collabtive 1.2 - SQL Injection

No description provided by source. Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by...

6.5CVSS0.3AI score0.01333EPSS
Exploits6
Packet Storm
Packet Storm
added 2014/05/08 12:0 a.m.40 views

Collabtive 1.12 SQL Injection

Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by: Deepak Rathore Severity: Critical...

6.5CVSS0.4AI score0.01333EPSS
Exploits6
exploitpack
exploitpack
added 2014/05/08 12:0 a.m.48 views

Collabtive 1.2 - Persistent Cross-Site Scripting

Collabtive 1.2 - Persistent Cross-Site Scripting Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version:...

4.3CVSS6.2AI score0.01736EPSS
Exploits5
exploitpack
exploitpack
added 2014/05/08 12:0 a.m.47 views

Collabtive 1.2 - SQL Injection

Collabtive 1.2 - SQL Injection Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by:...

6.5CVSS0.4AI score0.01333EPSS
Exploits6
Exploit DB
Exploit DB
added 2014/05/08 12:0 a.m.35 views

Collabtive 1.2 - SQL Injection

Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 cordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by: Deepak Rathore Severity: Critical...

6.5CVSS6.8AI score0.01333EPSS
Exploits6
Rows per page
Query Builder