Dotproject HTML Injection Vulnerability
Dotproject is a set of Web-based project management and tracking tools. The tool provides modules for company management, project management and task progress tracking. An HTML injection vulnerability exists in Dotproject, which stems from the program's failure to adequately filter user-submitted...
CVE-2012-5702
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a colorselector action, (2) field parameter in a dateformat action, or (3) companyname parameter in an addedit action to index.php...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a colorselector action, (2) field parameter in a dateformat action, or (3) companyname parameter in an addedit action to index.php...
CVE-2012-5702
dotProject is affected by CVE-2012-5702 (XSS) in versions up to 2.1.6/2.1.x. The vulnerability arises from input sanitization errors in index.php when handling GET parameters: callback, field, company_name (2.1), and also date (2.4) in day_view. An attacker can inject arbitrary HTML/JavaScript that...
CVE-2012-5702
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a colorselector action, (2) field parameter in a dateformat action, or (3) companyname parameter in an addedit action to index.php...
CVE-2012-5701
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) searchstring or (2) where parameter in a contacts action, (3) deptid parameter in a departments action, (4) projectid parameter in a project action, or...
SQL injection
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) searchstring or (2) where parameter in a contacts action, (3) deptid parameter in a departments action, (4) projectid parameter in a project action, or...
CVE-2012-5701
DotProject 2.x is vulnerable to SQL injection via multiple parameters (search_string, where, dept_id, project_id[], company_id) in index.php, enabling remote authenticated admins to run arbitrary SQL (and CSRF may enable exploitation). Root cause: insufficient input sanitization in those GET para...
CVE-2012-5701
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) searchstring or (2) where parameter in a contacts action, (3) deptid parameter in a departments action, (4) projectid parameter in a project action, or...
Dotproject 2.0 /modules/projects/gantt.php dPconfig[root_dir] Parameter Remote File Inclusion
No description provided by source...
dotProject 2.1.3 XSS and Improper Permissions
No description provided by source...
dotProject 2.1.5 CSRF Vulnerability
No description provided by source. Source: http://packetstormsecurity.org/files/view/98245/dotProject2.1.5-xsrf.txt Software: dotProject 2.1.5; Vulnerability: Cross-site Request Forgery...
Dotproject 2.0 /includes/db_connect.php baseDir Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to includ...
dotProject <= 2.0.4 (baseDir) Remote File Include Vulnerability
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM. dotProject <= 2.0.4 baseDir Remote File Include Vulnerabilities. Script name: dotProject v. 2.0.4; Script site: http://www.dotproject.net/; Find by: Kacper a.k.a Rahim; Contact:...
Dotproject 2.0 /includes/session.php baseDir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to includ...
dotProject 2.1.5 - SQL Injection Vulnerability
No description provided by source. Exploit Title: dotProject 2.1.5 SQL Injection Vulnerability; Google Dork: intitle:dotproject; Date: 2011-12-09; Author: sherl0ck sherl0ckatalligatorteamdotorg @AlligatorTeam; Software Link: http://www.dotproject.net/; Version: 2.1.5 tested; Tested on: Debian GNU/Linux...
Dotproject 2.0 /modules/admin/vw_usr_roles.php baseDir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to includ...
dotProject 2.1.3 Multiple SQL Injection and HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/37669/info dotProject is prone to multiple SQL-injection and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage the HTML-injection issues to execute...
DotProject 0.2.1 User Cookie Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5347/info dotproject is prone to an issue which may allow remote attackers to bypass authentication and gain administrative access to the software. This may be accomplished by submitting a maliciously crafted 'usercookie'...
dotproject 2.1.5 - Multiple Vulnerabilities
No description provided by source. exploit title: sql injection in dotproject 2.1.5; date 21.o2.2o11; author: lemlajt; software: dotproject; version: 2.1.5; tested on: linux; cve: http://dotproject.net/; PoC: http://localhost/www/cmsadmins/dotpro/dotproject/fileviewer.php?fileid=' in src: 2...