333 matches found
CVE-2016-10733
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string...
CVE-2016-10732
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php...
CVE-2016-10734
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...
SQL injection
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the...
Authentication flaw
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php...
CVE-2016-10731
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the...
CVE-2016-10731
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the...
Directory traversal
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string...
Authentication flaw
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...
CVE-2016-10734
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...
CVE-2016-10733
ProjectSend (formerly cFTP) r582 is affected by a directory traversal vulnerability that can be triggered through the file parameter (file=../) in the process-zip-download.php query string. This vulnerability is documented in CVE-2016-10733. The impact is described in the associated CVSS metrics ...
CVE-2016-10731
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the...
CVE-2016-10733
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string...
CVE-2016-10732
ProjectSend (formerly cFTP) r582 contains an authentication bypass vulnerability that can be exploited via direct requests to users.php, home.php, edit-file.php?file_id=1, process-zip-download.php, or add_user_form_* parameters to users-add.php. The CVE-2016-10732 entry documents impact as authen...
CVE-2016-10732
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php...
CVE-2016-10731
CVE-2016-10731 affects ProjectSend (formerly cFTP) r582 and enables SQL injection via multiple PHP endpoints: manage-files.php (status, files), clients.php (selected_clients, status), process-zip-download.php (file), or home-log.php (action). Root cause: input parameters are used in SQL queries w...
CVE-2016-10734
ProjectSend (formerly cFTP) r582 contains an Insecure Direct Object Reference vulnerability in includes/actions.log.export.php. The CNVD entry notes that ProjectSend is a PHP/MySQL self-hosted application, and the NVD entry documents a high-impact issue with access control to object references. T...
ProjectSend - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: ProjectSend - SQL Injection Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: https://www.projectsend.org/ Software Link: https://www.projectsend.org/download/241/ Version: R1053 Tested on: ProjectSend version: R1053, php...
ProjectSend R1053 SQL Injection
Exploit Title: ProjectSend - SQL Injection Date: 27/07/2018 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: https://www.projectsend.org/ Software Link: https://www.projectsend.org/download/241/ Version: R1053 Tested on: ProjectSend version: R1053, php version: 7.0, MySQL version: 5.7 CVE :...
ProjectSend cross-site scripting vulnerability (CNVD-2018-06778)
ProjectSend, formerly known as cFTP, is a suite of self-hosted applications based on PHP and MySQL. A cross-site scripting vulnerability exists in versions of ProjectSend prior to commit 6c3710430be26feb5371cb0377e5355d6f9a27ca. A remote attacker can exploit this vulnerability to inject arbitrary w...