CVE-2006-0756

dotProject 2.0.1 and earlier leaves 1 phpinfo.php and 2 check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignor...

CVE-2006-0755

DotProject, versions ≤2.0.1, contains multiple PHP remote file inclusion vulnerabilities exploitable when register_globals is enabled. The baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, (7) tasks/gantt.php a...