4 matches found
CVE-2014-7178
Enalean Tuleap prior to 7.5 (listed variants include 7.4.99.5 and earlier; fixed in 7.5) is vulnerable to remote command execution via the User-Agent header passed to the passthru PHP function (via the SVN handler page). This is triggered by crafted requests such as /svn/viewvc.php/?roottype=svn&...
Enalean Tuleap 7.4.99.5 - Remote Command Execution / Blind SQL Injection Vulnerabilities
Enalean Tuleap versions 7.4.99.5 and below suffer from a remote command execution vulnerability and below suffer from a remote, authenticated blind SQL injection vulnerability Vulnerability title: Tuleap /usr/share/codendi/src/www/passwd.txt && "ozilla/5.0 Windows NT 6.1; WOW64; rv:31.0...
Tuleap 7.4.99.5 Remote Command Execution
Vulnerability title: Tuleap /usr/share/codendi/src/www/passwd.txt && "ozilla/5.0 Windows NT 6.1; WOW64; rv:31.0 Gecko/20100101 Firefox/31.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer:...
Enalean Tuleap 7.4.99.5 - Remote Command Execution
Enalean Tuleap 7.4.99.5 - Remote Command Execution Vulnerability title: Tuleap /usr/share/codendi/src/www/passwd.txt && "ozilla/5.0 Windows NT 6.1; WOW64; rv:31.0 Gecko/20100101 Firefox/31.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5...