333 matches found
CVE-2017-20101 ProjectSend information disclosure
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zipdownload. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely...
CVE-2017-20101
CVE-2017-20101 affects ProjectSend r754. A vulnerability in the file/process: process.php?do=zip_download allows manipulation of the argument client/file, leading to information disclosure. The flaw is exploitable remotely. Connected documents confirm the impact as an information disclosure vulne...
CVE-2017-20101 ProjectSend information disclosure
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zipdownload. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely...
ProjectSend 信息泄露漏洞
ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in ProjectSend version r754, where the source application provides direct access to an object-based application that allows an attacker to bypass authorization and...
Projectsend Directory Traversal (CVE-2021-40887)
A directory traversal vulnerability exists in Projectsend. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Projectsend Cross Site Scripting
A cross-site scripting vulnerability exists in Projectsend. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Projectsend Directory Traversal Vulnerability
ProjectSend is a free, client-oriented, private file sharing web application. A directory traversal vulnerability exists in Projectsend version r1295. An attacker can exploit this vulnerability by adding the value 2 to the chunks parameter to bypass fileName validation...
Projectsend directory traversal vulnerability
A directory traversal vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing Web application. The vulnerability stems from a lack of validation of the input to the files parameter. An attacker could exploit the vulnerability by adding ... /upload/files/...
Projectsend Information Disclosure Vulnerability
An information disclosure vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing web application. The vulnerability stems from the ids parameter in files-edit.php and the id parameter in process.php not checking for authorization. An attacker could exploit...
CVE-2021-40888
Projectsend version r1295 is affected by Cross Site Scripting XSS due to lack of sanitization when echo output data in returnFilesIds function. A low privilege user can call this function through process.php file and execute scripting code...
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...
CVE-2021-40886
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value 2 for chunks parameter to bypass fileName sanitization...
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
CVE-2021-40886
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value 2 for chunks parameter to bypass fileName sanitization...
CVE-2021-40888
Projectsend version r1295 is affected by Cross Site Scripting XSS due to lack of sanitization when echo output data in returnFilesIds function. A low privilege user can call this function through process.php file and execute scripting code...
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
Directory traversal
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value 2 for chunks parameter to bypass fileName sanitization...
Directory traversal
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
Cross site scripting
Projectsend version r1295 is affected by Cross Site Scripting XSS due to lack of sanitization when echo output data in returnFilesIds function. A low privilege user can call this function through process.php file and execute scripting code...