176 matches found
dotProject 2.1.2 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/30924/info dotProject is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the...
dotProject 2.1.2 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
dotProject 2.1.2 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/30924/info dotProject is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may...
dotproject-sqlxss.txt
http://wwwlowsec.org Author: C1c4Tr1Z Date: 28/08/08...
dotProject cross-site scripting vulnerability
Overview dotProject, an open source project management tool, contains a cross-site scripting vulnerability. This vulnerability is different from JVN97636431. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, sessio...
dotProject cross-site scripting vulnerability
Overview dotProject, an open source project management tool, contains a cross-site scripting vulnerability. This vulnerability is different from JVN97636431. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an...
dotProject cross-site scripting vulnerability
Overview dotProject, an open source project management tool, contains a cross-site scripting vulnerability. As of June 5, 2006, it is confirmed that Internet Explorer is affected by this vulnerability. It is also confirmed that Mozilla Firefox and Opera are not affected by this vulnerability...
CVE-2007-5486
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information...
Information disclosure
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information...
CVE-2007-5486
CVE-2007-5486 affects dotProject before version 2.1, where the Companies module does not properly enforce privileges. This allows remote attackers to access the Companies module via a crafted URL. The issue is a privilege-check vulnerability leading to unauthorized access (partial confidentiality...
Cross site scripting
Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240...
CVE-2007-3226
Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240...
CVE-2007-3226
dotProject contains a cross-site scripting (XSS) vulnerability affecting versions before 2.1 RC2. Public descriptions reference an XSS in the login path (dotProject 2.0.3 and earlier) via an unspecified vector, and another description notes XSS in 2.1 RC2 addressed by an update. Several sources c...
JVN#63602912 dotProject cross-site scripting vulnerability
This vulnerability is different from JVN97636431. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, session hijacking could be conducted. Solution Update the Software The developer has released dotProject version 2...
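DotProject Query.Class.PHP Remote File Inclusion Vulnerability
DotProject is a PHP-based web application. DotProject does not correctly filter user-submitted URI data, and a remote attacker can exploit this vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Query.Class.PHP' script does not filter the user-submitted 'baseDir' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Dotproject Dotproject 2.0.4 Dotproject Dotproject 2.0.3 Dotproject Dotproject 2.0.1 Dotproject Dotproject 2.0 NO...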
dotProject <= 2.0.4 (baseDir) Remote File Include Vulnerability
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM. dotProject = 2.0.4 baseDir Remote File Include Vulnerabilities. Script name: dotProject v. 2.0.4. Script site: http://www.dotproject.net/. Find by: Kacper a.k.a Rahim. Contact:...
CVE-2006-4234
PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter...
CVE-2006-4234
CVE-2006-4234 affects dotProject up to version 2.0.4: PHP remote file inclusion via the baseDir parameter in classes/query.class.php may allow an attacker to execute arbitrary PHP code. The description and connected sources confirm the vulnerability exists and is exploitable through crafted URLs; howeve...