176 matches found
CVE-2006-0756
CVE-2006-0756 affects dotProject versions 2.0.1 and earlier. The issue: phpinfo.php and check.php remain accessible under the /docs/ directory after installation, allowing remote attackers to obtain sensitive configuration information. The vendor disputes the flaw, noting it occurs only if instal...
CVE-2006-0756
dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignor...
CVE-2006-0755
DotProject, versions ≤2.0.1, contains multiple PHP remote file inclusion vulnerabilities exploitable when register_globals is enabled. The baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, (7) tasks/gantt.php a...
CVE-2006-0755
Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, a...
CVE-2006-0754
dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the...
CVE-2006-0754
CVE-2006-0754 affects dotProject 2.0.1 and earlier. The issue allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, revealing the path in an error message. Related connected sources also describe multiple sc...
PT-2006-1803 · Dotproject · Dotproject
Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error...
PT-2006-1805 · Dotproject · Dotproject
Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to obtain sensitive configuration information because certain files, specifically phpinfo.php and check.php, remain accessible under the /docs/ directory aft...
PT-2006-1804 · Dotproject · Dotproject
Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier Description: The issue allows remote attackers to execute arbitrary commands via the baseDir parameter in several PHP files, including db_adodb.php, db_connect.php, session.php, vw_usr_roles.php,...
dotProject < 2.0.2 Multiple Script Remote File Inclusion
dotproject <= 2.0.1 remote code execution
dotproject <= 2.0.1 remote code execution Software: dotProject <= 2.0.1 Severity: Arbitrary code execution, Path/Information Disclosure Risk: High Author: Robin Verton Date: Feb. 14 2006 Vendor: dotproject.net contacted Description: dotProje...
dotProject Multiple Scripts Remote File Inclusion
The remote host is running dotProject, a web-based, open source, project management application written in PHP. The installed version of dotProject fails to sanitize input to various parameters and scripts before using it to include PHP code. Provided PHP's 'register_globals' setting is enabled, a...
dotProject docs/ Directory Multiple Script Information Disclosure
The remote host is running dotProject, a web-based, open source, project management application written in PHP. The installed version of dotProject discloses sensitive information because it lets an unauthenticated attacker call scripts in the 'docs' directory.
dotProject 2.0 - '/includes/db_connect.php?baseDir' Remote File Inclusion
dotProject 2.0 - '/includes/db_connect.php?baseDir' Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker...
dotProject 2.0 - '/modules/projects/gantt2.php?dPconfig[root_dir]' Remote File Inclusion
dotProject 2.0 - '/modules/projects/gantt2.php?dPconfig[root_dir]' Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...
dotProject-2.0.1.txt
dotproject Date: Feb. 14 2006 Vendor: dotproject.net contacted Description: dotProject is a volunteer supported Project Management application. Details: The 'protection.php' script does not properly validate user-supplied input in the 'siteurl' parameter. Some user-supplied input is not checked...
dotProject 2.0 - '/modules/public/calendar.php?baseDir' Remote File Inclusion
source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...
dotProject 2.0 - '/modules/projects/gantt2.php?dPconfig[root_dir]' Remote File Inclusion
source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...
dotProject 2.0 - '/modules/public/calendar.php?baseDir' Remote File Inclusion
dotProject 2.0 - '/modules/public/calendar.php?baseDir' Remote File Inclusion source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...