ProjectSend cross-site scripting vulnerability (CNVD-2018-04877)
ProjectSend (formerly known as cFTP) is a suite of self-hosted applications based on PHP and MySQL. A cross-site scripting vulnerability exists in ProjectSend commit. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the Description field...
CVE-2017-9783
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated...
CVE-2017-9786
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php...
CVE-2017-9783
CVE-2017-9783 affects ProjectSend (formerly cFTP), a PHP/MySQL-based self-hosted app. A Cross-site Scripting (XSS) vulnerability exists in the Description field during a Site name update, allowing remote attackers to inject arbitrary web script or HTML. The issue is tied to commits before 6c37104...
CVE-2017-9786
CVE-2017-9786 is a Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca. The flaw allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and ...
ProjectSend 'install/make-config.php' file arbitrary code execution vulnerability
ProjectSend (formerly known as cFTP) is a suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in the 'install/make-config.php' file in ProjectSend r754. The vulnerability can be exploited by a remote attacker to execute arbitrary PHP code with the help of the...
Design/Logic Flaw
install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file...
CVE-2017-9741
install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file...
CVE-2017-9741
CVE-2017-9741 affects ProjectSend (r754). The install/make-config.php file is vulnerable to remote PHP code execution via the dbprefix parameter, due to replacing TABLES_PREFIX in the configuration file. This leads to arbitrary code execution on affected installations. Connected records confirm t...
ProjectSend r754 Insecure Direct Object Reference / Authentication Bypass
Document Title: ProjectSend r754 - IDOR & Authentication Bypass Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2031. Release Date: 2017-02-21. Vulnerability Laboratory ID (VL-ID):...
ProjectSend r754 Authentication Bypass Vulnerability
ProjectSend (formerly known as cFTP) is a suite of self-hosted applications based on PHP and MySQL. An authentication bypass vulnerability exists in ProjectSend, which can be exploited by an attacker to bypass the authentication mechanism in an affected application and gain unauthorized access to t...
ProjectSend r754 - Insecure Direct Object Reference Vulnerability
Exploit for php platform in category web applications. Document Title: ProjectSend r754 - IDOR & Authentication Bypass Vulnerability. Product & Service Introduction: ProjectSend is a self-hosted application you can install it easily on your own VPS or...