Lucene search
K

250 matches found

CVE
CVE
added 2009/02/19 6:0 p.m.59 views

CVE-2008-6188

CVE-2008-6188 affects GForge 4.6 rc1 and earlier. The SQL injection exists in people/editprofile.php via the skill_edit[] parameter, enabling remote attackers to inject arbitrary SQL. Connected sources confirm the affected software and input vector; no vendor patch is provided in the documents, s...

7.5CVSS8.6AI score0.01314EPSS
Exploits2References5Affected Software1
CVE
CVE
added 2009/02/19 6:0 p.m.60 views

CVE-2008-6187

CVE-2008-6187 affects GForge 4.5.19 and earlier. The vulnerability is a SQL injection in frs/shownotes.php via the release_id parameter, allowing remote attackers to execute arbitrary SQL commands. The NVD entry lists a CVSS v2 base score of 7.5 (HIGH) with network attack vector and no authentica...

7.5CVSS8.6AI score0.01314EPSS
Exploits2References5Affected Software1
OpenVAS
OpenVAS
added 2009/01/13 12:0 a.m.22 views

Debian Security Advisory DSA 1698-1 (gforge)

The remote host is missing an update to gforge announced via advisory DSA 1698-1. OpenVAS Vulnerability Test $Id: deb16981.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1698-1 gforge Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

7.5CVSS6.6AI score0.01607EPSS
Exploits1
OpenVAS
OpenVAS
added 2009/01/13 12:0 a.m.18 views

Debian: Security Advisory (DSA-1698-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.02321EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2009/01/11 12:0 a.m.17 views

Debian DSA-1698-1 : gforge - insufficient input sanitising

It was discovered that GForge, a collaborative development tool, insufficiently sanitises some input allowing a remote attacker to perform SQL injection. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

7.5CVSS5.7AI score0.01607EPSS
Exploits1References2
Debian
Debian
added 2009/01/09 8:2 a.m.24 views

[SECURITY] [DSA 1698-1] New gforge packages fix SQL injection

------------------------------------------------------------------------ Debian Security Advisory DSA-1698-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 09, 2009 http://www.debian.org/security/faq -...

7.5CVSS6.9AI score0.01607EPSS
Exploits1
OSV
OSV
added 2009/01/09 12:0 a.m.15 views

DSA-1698-1 gforge - SQL injection

Bulletin has no description...

7.5CVSS6.3AI score0.02321EPSS
Exploits5
seebug.org
seebug.org
added 2009/01/06 12:0 a.m.33 views

GForge GroupJoinRequest.class远程SQL注入漏洞

BUGTRAQ ID: 33086 CVECAN ID: CVE-2008-2381 GForge是用于管理软件开发周期的工具。 GForge的common/include/GroupJoinRequest.class文件中没有正确地验证对create函数的输入,远程攻击者可以通过提交恶意的SQL查询请求注入并执行恶意代码。 GForge GForge 4.6 GForge GForge 4.5 GForge ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

7.5CVSS0.01607EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2009/01/02 7:30 p.m.20 views

CVE-2008-2381

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...

7.5CVSS6.2AI score0.01607EPSS
Exploits1References1
Prion
Prion
added 2009/01/02 7:30 p.m.18 views

Sql injection

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...

7.5CVSS8.9AI score0.01607EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2009/01/02 7:30 p.m.26 views

CVE-2008-2381

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...

7.5CVSS8.2AI score0.01607EPSS
Exploits1References9
Cvelist
Cvelist
added 2009/01/02 7:0 p.m.26 views

CVE-2008-2381

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...

8.2AI score0.01607EPSS
Exploits1References9
CVE
CVE
added 2009/01/02 7:0 p.m.66 views

CVE-2008-2381

CVE-2008-2381 describes an SQL injection in GForge’s GroupJoinRequest.class create() function (common/include/GroupJoinRequest.class) affecting GForge 4.5 and 4.6. The vulnerability allows a remote attacker to inject SQL via the comments variable, enabling arbitrary SQL execution. Public referenc...

7.5CVSS8.4AI score0.01607EPSS
Exploits1References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/10/15 12:0 a.m.73 views

Default Password (gforge) for 'root' Account

The account 'root' on the remote host has the password 'gforge'. An attacker may leverage this issue to gain total control of the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "root"; password = "gforge"; include'deprecatednasllevel.inc'; include'compat.inc'; if...

7.5CVSS8.2AI score0.53618EPSS
Exploits41References1
Tenable Nessus
Tenable Nessus
added 2008/10/14 12:0 a.m.31 views

GForge top/topusers.php offset Parameter SQL Injection

The remote host is running GForge, an open source, web-based project management and collaboration software. The installed version of GForge fails to sanitize user-supplied input to the 'offset' parameter in the 'top/topusers.php' script before using it in a database query. Regardless of PHP's...

7.5CVSS5.5AI score0.02321EPSS
Exploits2References2
Packet Storm
Packet Storm
added 2008/10/09 12:0 a.m.20 views

gforge4519-sql.txt

Gforge = 4.5.19 Multiple Sql Injections Vendor Notified: 2008-10-06 Note: should work regardless magicquotesgpc setting. http://gforgesite.xxx/new/?groupid=&limit=50&offset=50;select 1 as id,CURRENTUSER as forumid, version as summary...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/10/09 12:0 a.m.19 views

Gforge <= 4.5.19 Multiple Remote SQL Injection Vulnerabilities

No description provided by source. Gforge = 4.5.19 Multiple Sql Injections Vendor Notified: 2008-10-06 Note: should work regardless magicquotesgpc setting. http://gforgesite.xxx/new/?groupid=&limit=50&offset=50;select 1 as id,CURRENTUSER as forumid, version as summary...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2008/10/09 12:0 a.m.12 views

Gforge 4.6 rc1 - skill_edit SQL Injection

Gforge 4.6 rc1 - skilledit SQL Injection Gforge = 4.6 rc1 skilledit SQL injection Vendor Notified: 2008-10-06 Impact: zomg! Note: should work regardless magicquotesgpc setting. Requires: Creating an account and be logged in Vulnerable function: handlemultiedit$skillids on...

0.5AI score
Exploits0
0day.today
0day.today
added 2008/10/09 12:0 a.m.13 views

Gforge <= 4.6 rc1 (skill_edit) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ========================================================== Gforge = 4.6 rc1 skilledit SQL Injection Vulnerability ========================================================== Gforge = 4.6 rc1 skilledit SQL injection Vendor Notified: 2008-10-...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2008/10/09 12:0 a.m.14 views

gforge46-sql.txt

Gforge = 4.6 rc1 skilledit SQL injection Vendor Notified: 2008-10-06 Impact: zomg! Note: should work regardless magicquotesgpc setting. Requires: Creating an account and be logged in Vulnerable function: handlemultiedit$skillids on /www/people/skillsutils.php...

7.4AI score
Exploits0
Rows per page
Query Builder