333 matches found
EUVD-2021-28043
Malicious code in bioql PyPI...
EUVD-2021-28039
Malicious code in bioql PyPI...
ProjectSend < r1720 Improper Authorization
ProjectSend versions prior to r1720 are affected by an Improper Authorization vulnerability. An unauthenticated attacker can exploit this issue to access sensitive information and perform unauthorized actions within the application. No source data...
CVE-2023-0607
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606...
CVE-2021-40887
ProjectSend version r1295 is affected by a directory traversal vulnerability. Because the files parameter lacks input sanitization, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
CVE-2018-7201
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel...
CVE-2018-7202
An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page...
CVE-2019-11378
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finishedfiles=../ directory traversal. It is possible for users to read arbitrary files and potentially access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code...
CVE-2017-20101
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zipdownload. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely...
CVE-2024-11680
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
ProjectSend Detection
Binary data projectsendprojectsenddetect.nbin...
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of...
Exploit for Improper Authentication in Projectsend
CVE-2024-11680 PoC Exploit This repository contains a Proof of...
ProjectSend Improper Authentication Vulnerability
ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload...
Metasploit Weekly Wrap-Up 11/29/2024
New module content 4 Acronis Cyber Protect/Backup machine info disclosure Authors: Sandro Tolksdorf of usd AG. and h00die-gr3y [email protected] Type: Auxiliary Pull request: 19582 contributed by h00die-gr3y Path: gather/acroniscyberprotectmachineinfodisclosure AttackerKB reference:...
Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not...
CVE-2024-11680
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-11680 ProjectSend Unauthenticated Configuration Modification
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-11680
ProjectSend exposes an improper authentication/authorization vulnerability that affects versions prior to r1720 (r1605 and older per sources). An unauthenticated remote attacker can exploit crafted requests to options.php to modify configuration, enabling account creation, file uploads (including...
CVE-2024-11680 ProjectSend Unauthenticated Configuration Modification
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...