250 matches found
CVE-2008-6188
CVE-2008-6188 affects GForge 4.6 rc1 and earlier. The SQL injection exists in people/editprofile.php via the skill_edit[] parameter, enabling remote attackers to inject arbitrary SQL. Connected sources confirm the affected software and input vector; no vendor patch is provided in the documents, s...
CVE-2008-6187
CVE-2008-6187 affects GForge 4.5.19 and earlier. The vulnerability is a SQL injection in frs/shownotes.php via the release_id parameter, allowing remote attackers to execute arbitrary SQL commands. The NVD entry lists a CVSS v2 base score of 7.5 (HIGH) with network attack vector and no authentica...
Debian Security Advisory DSA 1698-1 (gforge)
The remote host is missing an update to gforge announced via advisory DSA 1698-1. OpenVAS Vulnerability Test $Id: deb16981.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1698-1 gforge Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Debian: Security Advisory (DSA-1698-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1698-1 : gforge - insufficient input sanitising
It was discovered that GForge, a collaborative development tool, insufficiently sanitises some input allowing a remote attacker to perform SQL injection. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 1698-1] New gforge packages fix SQL injection
------------------------------------------------------------------------ Debian Security Advisory DSA-1698-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 09, 2009 http://www.debian.org/security/faq -...
DSA-1698-1 gforge - SQL injection
Bulletin has no description...
GForge GroupJoinRequest.class远程SQL注入漏洞
BUGTRAQ ID: 33086 CVECAN ID: CVE-2008-2381 GForge是用于管理软件开发周期的工具。 GForge的common/include/GroupJoinRequest.class文件中没有正确地验证对create函数的输入,远程攻击者可以通过提交恶意的SQL查询请求注入并执行恶意代码。 GForge GForge 4.6 GForge GForge 4.5 GForge ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
CVE-2008-2381
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...
Sql injection
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...
CVE-2008-2381
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...
CVE-2008-2381
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...
CVE-2008-2381
CVE-2008-2381 describes an SQL injection in GForge’s GroupJoinRequest.class create() function (common/include/GroupJoinRequest.class) affecting GForge 4.5 and 4.6. The vulnerability allows a remote attacker to inject SQL via the comments variable, enabling arbitrary SQL execution. Public referenc...
Default Password (gforge) for 'root' Account
The account 'root' on the remote host has the password 'gforge'. An attacker may leverage this issue to gain total control of the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "root"; password = "gforge"; include'deprecatednasllevel.inc'; include'compat.inc'; if...
GForge top/topusers.php offset Parameter SQL Injection
The remote host is running GForge, an open source, web-based project management and collaboration software. The installed version of GForge fails to sanitize user-supplied input to the 'offset' parameter in the 'top/topusers.php' script before using it in a database query. Regardless of PHP's...
gforge4519-sql.txt
Gforge = 4.5.19 Multiple Sql Injections Vendor Notified: 2008-10-06 Note: should work regardless magicquotesgpc setting. http://gforgesite.xxx/new/?groupid=&limit=50&offset=50;select 1 as id,CURRENTUSER as forumid, version as summary...
Gforge <= 4.5.19 Multiple Remote SQL Injection Vulnerabilities
No description provided by source. Gforge = 4.5.19 Multiple Sql Injections Vendor Notified: 2008-10-06 Note: should work regardless magicquotesgpc setting. http://gforgesite.xxx/new/?groupid=&limit=50&offset=50;select 1 as id,CURRENTUSER as forumid, version as summary...
Gforge 4.6 rc1 - skill_edit SQL Injection
Gforge 4.6 rc1 - skilledit SQL Injection Gforge = 4.6 rc1 skilledit SQL injection Vendor Notified: 2008-10-06 Impact: zomg! Note: should work regardless magicquotesgpc setting. Requires: Creating an account and be logged in Vulnerable function: handlemultiedit$skillids on...
Gforge <= 4.6 rc1 (skill_edit) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================== Gforge = 4.6 rc1 skilledit SQL Injection Vulnerability ========================================================== Gforge = 4.6 rc1 skilledit SQL injection Vendor Notified: 2008-10-...
gforge46-sql.txt
Gforge = 4.6 rc1 skilledit SQL injection Vendor Notified: 2008-10-06 Impact: zomg! Note: should work regardless magicquotesgpc setting. Requires: Creating an account and be logged in Vulnerable function: handlemultiedit$skillids on /www/people/skillsutils.php...