CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

333 matches found

NVD•added 2019/04/26 9:29 p.m.•12 views

CVE-2019-11533

Cross-site scripting XSS vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6.1AI score0.00229EPSS

Exploits0References2

OSV•added 2019/04/26 9:29 p.m.•13 views

CVE-2019-11533

Cross-site scripting XSS vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6AI score

Exploits0References2

Prion•added 2019/04/26 9:29 p.m.•9 views

Code injection

ProjectSend before r1070 writes user passwords to the server logs...

5CVSS7.5AI score0.00322EPSS

Exploits0References1Affected Software1

NVD•added 2019/04/26 9:29 p.m.•11 views

CVE-2019-11492

ProjectSend before r1070 writes user passwords to the server logs...

7.5CVSS7.5AI score0.00322EPSS

Exploits0References1

Prion•added 2019/04/26 9:29 p.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML...

4.3CVSS6.1AI score0.00229EPSS

Exploits0References2Affected Software1

OSV•added 2019/04/26 9:29 p.m.•13 views

CVE-2019-11492

ProjectSend before r1070 writes user passwords to the server logs...

7.5CVSS6.8AI score

Exploits0References1

Cvelist•added 2019/04/26 8:6 p.m.•9 views

CVE-2019-11533

Cross-site scripting XSS vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML...

6.1AI score0.00229EPSS

Exploits0References2

CVE•added 2019/04/26 8:6 p.m.•42 views

CVE-2019-11533

CVE-2019-11533 affects ProjectSend prior to r1070, with a cross-site scripting (XSS) vulnerability that could allow remote attackers to inject arbitrary script/HTML. The issue stems from insufficient input sanitization in the affected component, enabling client-side script execution in the contex...

6.1CVSS6AI score0.00229EPSS

Exploits0References2Affected Software1

CVE•added 2019/04/26 8:2 p.m.•45 views

CVE-2019-11492

CVE-2019-11492 affects ProjectSend before release r1070, where user passwords are written to server logs. This creates exposure of credentials via log data. According to NVD, the CVSS metrics indicate a network-accessible issue with low attack complexity and a medium (CVSS2) to high (CVSS3) base ...

7.5CVSS7.5AI score0.00322EPSS

Exploits0References1Affected Software1

Cvelist•added 2019/04/26 8:2 p.m.•14 views

CVE-2019-11492

ProjectSend before r1070 writes user passwords to the server logs...

7.5AI score0.00322EPSS

Exploits0References1

NVD•added 2019/04/20 3:29 p.m.•9 views

CVE-2019-11378

An issue was discovered in ProjectSend r1053. upload-process-form.php allows finishedfiles=../ directory traversal. It is possible for users to read arbitrary files and potentially access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code...

8.8CVSS8.6AI score0.02489EPSS

Exploits1References2

OSV•added 2019/04/20 3:29 p.m.•12 views

CVE-2019-11378

8.8CVSS6.9AI score

Exploits0References2

Prion•added 2019/04/20 3:29 p.m.•8 views

Directory traversal

6.5CVSS8.6AI score0.02489EPSS

Exploits1References2Affected Software1

Cvelist•added 2019/04/20 2:51 p.m.•7 views

CVE-2019-11378

8.6AI score0.02489EPSS

Exploits1References2

CVE•added 2019/04/20 2:51 p.m.•49 views

CVE-2019-11378

ProjectSend (revision r1053) is affected by CVE-2019-11378 through the upload-process-form.php endpoint, where finished_files[]=../ enables directory traversal. This allows attackers to read arbitrary files and potentially access the supporting database, delete files, leak user passwords, or exec...

8.8CVSS8.6AI score0.02489EPSS

Exploits1References2Affected Software1

CNVD•added 2018/11/06 12:0 a.m.•0 views

Unspecified Vulnerability in ProjectSend

ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in version r582 of ProjectSend. An attacker could exploit the vulnerability to bypass authentication...

9.8CVSS6.9AI score0.00403EPSS

Exploits0References1

CNVD•added 2018/11/06 12:0 a.m.•1 views

ProjectSend has an unspecified vulnerability (CNVD-2019-36884)

ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in version r582 of ProjectSend, no details of the vulnerability are provided at this time...

9.8CVSS6.9AI score0.00332EPSS

Exploits0References1

NVD•added 2018/10/29 12:29 p.m.•10 views

CVE-2016-10732

ProjectSend formerly cFTP r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...

9.8CVSS9.6AI score0.00403EPSS

Exploits0References1

NVD•added 2018/10/29 12:29 p.m.•6 views

CVE-2016-10733

ProjectSend formerly cFTP r582 allows directory traversal via file=../ in the process-zip-download.php query string...

9.8CVSS9.5AI score0.00415EPSS

Exploits0References1

OSV•added 2018/10/29 12:29 p.m.•1 views

CVE-2016-10733

ProjectSend formerly cFTP r582 allows directory traversal via file=../ in the process-zip-download.php query string...

9.8CVSS5.8AI score

Exploits0References1