250 matches found
CVE-2012-1061
SQL injection vulnerability in GForge Advanced Server 6.0.0 and other versions before 6.0.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-1061
CVE-2012-1061 affects GForge Advanced Server 6.0.0 and all versions before 6.0.1. The issue is a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Exploit details, affected subcomponents, and concrete impact are not provided in the...
GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities
GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/51799/info GForge is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execu...
GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/51799/info GForge is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal...
FreeBSD : gforge -- XSS and email flood vulnerabilities (d7cd5015-08c9-11da-bc08-0001020eed82)
Jose Antonio Coret reports that GForge contains multiple Cross Site Scripting vulnerabilities and an e-mail flood vulnerability : The login form is also vulnerable to XSS Cross Site Scripting attacks. This may be used to launch phising attacks by sending HTML e-mails i.e.: saying that you need to...
Debian DSA-1945-1 : gforge - symlink attack
Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files. The oldstable distribution etch, this problem has been fixed in version 4.5.14-22etch13...
Debian DSA-1937-1 : gforge - insufficient input sanitising
It was discovered that gforge, collaborative development tool, is prone to a cross-site scripting attack via the helpname parameter. Beside fixing this issue, the update also introduces some additional input sanitising. However, there are no known attack vectors. %NASLMINLEVEL 70300 C Tenable...
Debian Security Advisory DSA 1945-1 (gforge)
The remote host is missing an update to gforge announced via advisory DSA 1945-1. OpenVAS Vulnerability Test $Id: deb19451.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1945-1 gforge Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
Debian: Security Advisory (DSA-1945-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorizedkeys files in users' home directories, related to deb-specific/sshdumpupdate.pl and cronjobs/cvs-cron/sshcreate.php...
CVE-2009-3304
GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorizedkeys files in users' home directories, related to deb-specific/sshdumpupdate.pl and cronjobs/cvs-cron/sshcreate.php...
CVE-2009-3304
GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorizedkeys files in users' home directories, related to deb-specific/sshdumpupdate.pl and cronjobs/cvs-cron/sshcreate.php...
CVE-2009-3304
GForge (versions 4.5.14, 4.7 rc2, 4.8.2) is vulnerable to a local symlink attack allowing local users to overwrite arbitrary files in users’ home directories via authorized_keys, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php. Debian and Red Hat advisories indicat...
CVE-2009-3304
GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorizedkeys files in users' home directories, related to deb-specific/sshdumpupdate.pl and cronjobs/cvs-cron/sshcreate.php...
[SECURITY] [DSA 1945-1] New gforge packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-1945-1 [email protected] http://www.debian.org/security/ Steffen Joeris December 03, 2009 http://www.debian.org/security/faq -...
DSA-1945-1 gforge - denial of service
Bulletin has no description...
GForge Detection
The remote host is running GForge, an open source web-based project-management and collaboration software. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42963; scriptversion"1.11"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01";...
GForge help/tracker.php helpname Parameter XSS
The installed version of GForge fails to sanitize user-supplied input to the 'helpname' parameter in the 'help/tracker.php' script before using it to generate dynamic HTML content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into ...
[SECURITY] [DSA 1937-1] New gforge packages fix cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1937-1 [email protected] http://www.debian.org/security/ Steffen Joeris November 21, 2009 http://www.debian.org/security/faq -...
CVE-2009-3303
Cross-site scripting XSS vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter...