333 matches found
ProjectSend SQL Injection Vulnerability
ProjectSend (formerly known as cFTP) is a suite of self-hosted applications based on PHP and MySQL. A SQL injection vulnerability exists in the client-edit.php script in ProjectSend version r561 because the users-edit.php script fails to adequately filter the 'id' parameter. A remote attacker can...
ProjectSend r561 - SQL injection vulnerability
Vulnerability title: ProjectSend r561 - SQL injection vulnerability Product: ProjectSend r561 Vendor: http://www.projectsend.org/ Affected version: ProjectSend r561 Download link: http://www.projectsend.org/download/67/ Fixed version: N/A Author: Le Ngoc Phi phi.n.le itas vn & ITAS Team www.itas....
CVE-2015-2564
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php...
SQL injection
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php...
CVE-2015-2564
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php...
CVE-2015-2564
ProjectSend (formerly cFTP) SQL Injection (CVE-2015-2564) affects client-edit.php in r561. An authenticated remote attacker can exploit the vulnerability via the id parameter to users-edit.php to execute arbitrary SQL commands. Root cause: inadequate input filtering for id leading to SQL injectio...
ProjectSend r561 SQL Injection Vulnerability
ProjectSend is a web-based application. ProjectSend suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
ProjectSend r561 - SQL Injection Vulnerability
Exploit for php platform in category web applications Vulnerability title: ProjectSend r561 - SQL injection vulnerability Product: ProjectSend r561 Vendor: http://www.projectsend.org/ Affected version: ProjectSend r561 Download link: http://www.projectsend.org/download/67/ Fixed version: N/A...
ProjectSend r561 SQL Injection
Vulnerability title: ProjectSend r561 - SQL injection vulnerability Product: ProjectSend r561 Vendor: http://www.projectsend.org/ Affected version: ProjectSend r561 Download link: http://www.projectsend.org/download/67/ Fixed version: N/A Author: Le Ngoc Phi [email protected] & ITAS Team www.itas....
ProjectSend r561 - SQL Injection
Vulnerability title: ProjectSend r561 - SQL injection vulnerability Product: ProjectSend r561 Vendor: http://www.projectsend.org/ Affected version: ProjectSend r561 Download link: http://www.projectsend.org/download/67/ Fixed version: N/A Author: Le Ngoc Phi [email protected] & ITAS Team www.itas....
ProjectSend r561 - SQL Injection
ProjectSend r561 - SQL Injection Vulnerability title: ProjectSend r561 - SQL injection vulnerability Product: ProjectSend r561 Vendor: http://www.projectsend.org/ Affected version: ProjectSend r561 Download link: http://www.projectsend.org/download/67/ Fixed version: N/A Author: Le Ngoc Phi...
ProjectSend Arbitrary File Upload Vulnerability
ProjectSend is a suite of self-hosted applications based on PHP and MySQL. An arbitrary file upload vulnerability exists in ProjectSend that allows remote attackers to execute arbitrary PHP code by uploading a file with the PHP file extension...
ProjectSend Cross-Site Scripting Vulnerability
ProjectSend is PHP source code that implements project file sending and FTP-based project management. ProjectSend has a cross-site scripting vulnerability that allows remote attackers to inject arbitrary web script or HTML into the file upload...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information...
CVE-2014-9580
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information...
CVE-2014-9580
CVE-2014-9580 concerns a Cross-site scripting (XSS) flaw in ProjectSend (formerly cFTP) version r561. The vulnerability enables remote attackers to inject arbitrary web script or HTML via the Description field of a file upload. This is the concrete, described impact: execution of injected scripts...
CVE-2014-9580
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information...
CVE-2014-9567
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/...
Unrestricted file upload
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/...
CVE-2014-9567
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/...