6 matches found
EUVD-2012-5585
Malware in sbrugna...
SQL injection
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) searchstring or (2) where parameter in a contacts action, (3) deptid parameter in a departments action, (4) projectid parameter in a project action, or...
dotProject 2.1.x - 'index.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/56624/info Dotproject is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple cross-site scripting vulnerabilities Exploiting these vulnerabilities could allow an attacker to steal cookie-based...
dotProject 2.1.5 - Multiple Vulnerabilities
exploit title: sql injection in dotproject 2.1.5 date 21.o2.2o11 author: lemlajt software : dotproject version: 2.1.5 tested on: linux cve : http://dotproject.net/ PoC : http://localhost/www/cmsadmins/dotpro/dotproject/fileviewer.php?fileid=' in src: 2 ./dotproject/fileviewer.php: 127...
dotProject 2.1.2 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/30924/info dotProject is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the...
dotProject 2.0 - '/modules/projects/gantt.php?dPconfig[root_dir]' Remote File Inclusion
source: https://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...