
58 matches found

Prion
added 2011/09/24 12:55 a.m., 13 views

Information disclosure

ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files...

CVSS 5, AI score 6.7, EPSS 0.01229
Exploits 0, References 3, Affected Software 1
Cvelist
added 2011/09/24 12:0 a.m., 14 views

CVE-2011-3797

ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files...

AI score 6.1, EPSS 0.01229
Exploits 0, References 3
CVE
added 2011/09/24 12:0 a.m., 40 views

CVE-2011-3797

ProjectPier 0.8.0.3 is affected. The vulnerability stems from an information-disclosure flaw where a direct request to a PHP file (e.g., public/upgrade/templates/layout.php) can reveal the installation path in an error message. This is a remote issue that permits an attacker to obtain sensitive f...

CVSS 5, AI score 6.3, EPSS 0.01229
Exploits 0, References 3, Affected Software 1
Prion
added 2008/12/15 6:0 p.m., 12 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action...

CVSS 6.8, AI score 7.4, EPSS 0.00657
Exploits 1, References 5, Affected Software 1
Prion
added 2008/12/15 6:0 p.m., 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php...

CVSS 4.3, AI score 6, EPSS 0.02988
Exploits 0, References 5, Affected Software 1
NVD
added 2008/12/15 6:0 p.m., 11 views

CVE-2008-5584

Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php...

CVSS 4.3, AI score 5.8, EPSS 0.02988
Exploits 0, References 5
NVD
added 2008/12/15 6:0 p.m., 11 views

CVE-2008-5583

Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action...

CVSS 6.8, AI score 6.8, EPSS 0.00657
Exploits 1, References 5
Cvelist
added 2008/12/15 5:45 p.m., 16 views

CVE-2008-5583

Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action...

AI score 6.8, EPSS 0.00657
Exploits 1, References 5
Cvelist
added 2008/12/15 5:45 p.m., 14 views

CVE-2008-5584

Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php...

AI score 5.8, EPSS 0.02988
Exploits 0, References 5
CVE
added 2008/12/15 5:45 p.m., 47 views

CVE-2008-5584

CVE-2008-5584 affects ProjectPier ≤0.8, with multiple XSS vectors in index.php: (1) message, (2) milestone, (3) display name in a profile, and (4)/(5) a or c parameters. This allows remote injection of arbitrary script/HTML. No explicit patch/version remediation is provided in the connected docum...

CVSS 4.3, AI score 5.8, EPSS 0.02988
Exploits 0, References 5, Affected Software 1
CVE
added 2008/12/15 5:45 p.m., 47 views

CVE-2008-5583

The CVE-2008-5583 entry describes a cross-site request forgery in ProjectPier 0.8 and earlier, where an attacker can cause actions as an administrator through the index.php query string (e.g., delete project). Affected software: ProjectPier 0.8 and earlier. Root cause: CSRF in index.php allowing ...

CVSS 6.8, AI score 6.8, EPSS 0.00657
Exploits 1, References 5, Affected Software 1
Positive Technologies
added 2008/12/15 12:0 a.m., 3 views

PT-2008-6644 · Projectpier · Projectpier

Name of the Vulnerable Software and Affected Versions: ProjectPier versions 0.8 and earlier Description: A cross-site request forgery issue allows remote attackers to perform actions as an administrator via the query string, such as a delete project action. Recommendations: For ProjectPier versio...

CVSS 6.8, AI score 6.8, EPSS 0.00657
Exploits 1, References 6
Positive Technologies
added 2008/12/15 12:0 a.m., 2 views

PT-2008-6645 · Projectpier · Projectpier

Name of the Vulnerable Software and Affected Versions: ProjectPier versions 0.8 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via various means, including a message, a milestone, or a display name in a profile, or the a or c parameter to...

CVSS 4.3, AI score 6.4, EPSS 0.02988
Exploits 0, References 7
Packet Storm
added 2008/02/20 12:0 a.m., 25 views

projectpier-xssxsrf.txt

====================================================================== ProjectPier Impact: Cross Site Scripting Cross Site Request Forgery Status: patch available ------------------------------ Affected software description: ------------------------------ Application: ProjectPier Version: = 0.80...

AI score 7.4
Exploits 0
securityvulns
added 2008/02/19 12:0 a.m., 37 views

ProjectPier <= 0.80 Cross Site Scripting and Request Forgery

====================================================================== ProjectPier <= 0.80 Cross Site Scripting and Request Forgery ====================================================================== Author: L4teral l4teral 4t gmail com Impact: Cross Site Scripting Cross Site Request Forgery...

AI score 0.1
Exploits 0
Tenable Nessus
added 2008/02/19 12:0 a.m., 31 views

ProjectPier index.php Multiple Parameter XSS

The remote host is running ProjectPier, an open source project management tool written in PHP. The version of ProjectPier installed on the remote host fails to sanitize user input to the 'refc' and 'refa' parameters of the 'index.php' script before using it to generate dynamic HTML output. An...

CVSS 4.3, AI score 6, EPSS 0.02988
Exploits 0, References 3
exploitpack
added 2008/02/18 12:0 a.m., 11 views

ProjectPier 0.8 - Multiple HTML Injection Cross-Site Scripting Vulnerabilities

ProjectPier 0.8 - Multiple HTML Injection Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27857/info ProjectPier is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker m...

AI score 0.3
Exploits 0
Exploit DB
added 2008/02/18 12:0 a.m., 27 views

ProjectPier 0.8 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/27857/info ProjectPier is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...

AI score 7.4
Exploits 0