11 matches found
EUVD-2005-2431
Malware in sbrugna...
CVE-2008-2381
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...
CVE-2008-2381
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...
CVE-2008-2381
CVE-2008-2381 describes an SQL injection in GForge’s GroupJoinRequest.class create() function (common/include/GroupJoinRequest.class) affecting GForge 4.5 and 4.6. The vulnerability allows a remote attacker to inject SQL via the comments variable, enabling arbitrary SQL execution. Public referenc...
CVE-2005-2430
Affected software: GForge (notebook mentions GForge 4.5). Vulnerability: Multiple cross-site scripting (XSS) flaws in GForge that allow remote injection of web script/HTML via various parameters (forum_id, group_id, project_task_id, id, search text, qrs.php, form/rows/cols/wrap in notepad.php, an...
CVE-2005-2430
Multiple cross-site scripting XSS vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the 1 forumid or 2 groupid parameter to forum.php, 3 projecttaskid parameter to task.php, 4 id parameter to detail.php, 5 the text field on the search page, 6 groupid...
CVE-2005-2431
The CVE-2005-2431 entry concerns GForge 4.5 where the (1) lost password and (2) account pending features fail to enforce a limit on outbound emails, allowing a remote attacker to perform a mail flood (send large numbers of messages to arbitrary addresses). Affected component is the email sending ...
CVE-2005-2430
Multiple cross-site scripting XSS vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the 1 forumid or 2 groupid parameter to forum.php, 3 projecttaskid parameter to task.php, 4 id parameter to detail.php, 5 the text field on the search page, 6 groupid...
CVE-2005-2431
The 1 lost password and 2 account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses aka mail bomb...
CVE-2005-2430
Multiple cross-site scripting XSS vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the 1 forumid or 2 groupid parameter to forum.php, 3 projecttaskid parameter to task.php, 4 id parameter to detail.php, 5 the text field on the search page, 6 groupid...
CVE-2005-2431
The 1 lost password and 2 account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses aka mail bomb...