176 matches found
dotProject 2.1.3 XSS and Improper Permissions
Exploit for unknown platform in category web applications. dotProject 2.1.3 XSS and Improper Permissions. Exploit Title: dotProject 2.1.3 XSS and Improper Permissions. Date: Dec 15 2009. Author: h00die. Softwar...
dotProject 2.1.3 Cross Site Scripting
The full text of this advisory can also be found at http://www.madirish.net/?article=444 Description of Vulnerability: dotProject (http://www.dotproject.net/) is a robust open source project management tool written in PHP...
dotProject 2.1.3 - Multiple SQL Injections HTML Injection Vulnerabilities
dotProject 2.1.3 - Multiple SQL Injections HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/37669/info dotProject is prone to multiple SQL-injection and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage t...
dotProject 2.1.3 - Multiple SQL Injections / HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/37669/info dotProject is prone to multiple SQL-injection and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage the HTML-injection issues to execute arbitrary script code in the browser o...
dotProject Privilege Escalation Vulnerability
The host is installed with dotProject and is prone to a privilege escalation vulnerability. OpenVAS Vulnerability Test $Id: gbdotprojectprivescalationvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ dotProject Privilege Escalation Vulnerability. Authors: Nikita MR. Copyright: Copyright (c) 2009 Greenbone...
dotProject Detection (HTTP)
HTTP based detection of dotProject. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.800564");...
dotProject < 2.1.2 Privilege Escalation Vulnerability
dotProject is prone to a privilege escalation vulnerability. Copyright (C) 2009 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...
CVE-2008-6747
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information...
Information disclosure
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information...
CVE-2008-6747
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information...
CVE-2008-6747
CVE-2008-6747 affects dotProject prior to 2.1.2. The issue is that access to administrative pages is not properly restricted, enabling remote attackers to gain privileges. Public details in the connected docs consistently identify a privilege-escalation vulnerability in dotProject
Sql injection
Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewus...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action,...
CVE-2008-3886
Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action,...
CVE-2008-3887
Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewus...
CVE-2008-3886
CVE-2008-3886: dotProject 2.1.2 contains multiple XSS flaws in index.php, exploitable via (1) inactive (tasks action), (2) date (calendar day_view), (3) callback (public calendar), or (4) type (ticketsmith). The issue arises from reflected/scriptable input in these parameters, enabling remote inj...
CVE-2008-3887
Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewus...
CVE-2008-3887
CVE-2008-3887 affects dotProject 2.1.2, specifically SQL injection in index.php. The vulnerabilities allow remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and remote authenticated administrators to do so via the user_id parameter in a viewu...
CVE-2008-3886
Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action,...
dotProject Multiple XSS and SQLi Vulnerabilities
dotProject is prone to multiple cross-site scripting (CSS) and SQL injection (SQLi) vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-onl...