Lucene search
K

250 matches found

Cvelist
Cvelist
added 2012/02/14 12:0 a.m.20 views

CVE-2012-1061

SQL injection vulnerability in GForge Advanced Server 6.0.0 and other versions before 6.0.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

8.4AI score0.01209EPSS
Exploits0References5
CVE
CVE
added 2012/02/14 12:0 a.m.38 views

CVE-2012-1061

CVE-2012-1061 affects GForge Advanced Server 6.0.0 and all versions before 6.0.1. The issue is a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Exploit details, affected subcomponents, and concrete impact are not provided in the...

7.5CVSS8.6AI score0.01209EPSS
Exploits0References5Affected Software1
exploitpack
exploitpack
added 2012/02/02 12:0 a.m.14 views

GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities

GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/51799/info GForge is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execu...

Exploits0
Exploit DB
Exploit DB
added 2012/02/02 12:0 a.m.19 views

GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/51799/info GForge is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/10/14 12:0 a.m.22 views

FreeBSD : gforge -- XSS and email flood vulnerabilities (d7cd5015-08c9-11da-bc08-0001020eed82)

Jose Antonio Coret reports that GForge contains multiple Cross Site Scripting vulnerabilities and an e-mail flood vulnerability : The login form is also vulnerable to XSS Cross Site Scripting attacks. This may be used to launch phising attacks by sending HTML e-mails i.e.: saying that you need to...

5CVSS5.5AI score0.0273EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.17 views

Debian DSA-1945-1 : gforge - symlink attack

Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files. The oldstable distribution etch, this problem has been fixed in version 4.5.14-22etch13...

3.3CVSS5.5AI score0.00314EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.28 views

Debian DSA-1937-1 : gforge - insufficient input sanitising

It was discovered that gforge, collaborative development tool, is prone to a cross-site scripting attack via the helpname parameter. Beside fixing this issue, the update also introduces some additional input sanitising. However, there are no known attack vectors. %NASLMINLEVEL 70300 C Tenable...

4.3CVSS5AI score0.01679EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2009/12/10 12:0 a.m.21 views

Debian Security Advisory DSA 1945-1 (gforge)

The remote host is missing an update to gforge announced via advisory DSA 1945-1. OpenVAS Vulnerability Test $Id: deb19451.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1945-1 gforge Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

3.3CVSS6.6AI score0.00314EPSS
Exploits0
OpenVAS
OpenVAS
added 2009/12/09 12:0 a.m.13 views

Debian: Security Advisory (DSA-1945-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.3CVSS6.8AI score0.00314EPSS
Exploits0References3
Prion
Prion
added 2009/12/04 7:30 p.m.17 views

Design/Logic Flaw

GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorizedkeys files in users' home directories, related to deb-specific/sshdumpupdate.pl and cronjobs/cvs-cron/sshcreate.php...

3.3CVSS6.5AI score0.00314EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2009/12/04 7:30 p.m.18 views

CVE-2009-3304

GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorizedkeys files in users' home directories, related to deb-specific/sshdumpupdate.pl and cronjobs/cvs-cron/sshcreate.php...

3.3CVSS5.8AI score0.00314EPSS
Exploits0References1
NVD
NVD
added 2009/12/04 7:30 p.m.26 views

CVE-2009-3304

GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorizedkeys files in users' home directories, related to deb-specific/sshdumpupdate.pl and cronjobs/cvs-cron/sshcreate.php...

3.3CVSS6.2AI score0.00314EPSS
Exploits0References3
CVE
CVE
added 2009/12/04 7:0 p.m.62 views

CVE-2009-3304

GForge (versions 4.5.14, 4.7 rc2, 4.8.2) is vulnerable to a local symlink attack allowing local users to overwrite arbitrary files in users’ home directories via authorized_keys, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php. Debian and Red Hat advisories indicat...

3.3CVSS6.2AI score0.00314EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2009/12/04 7:0 p.m.29 views

CVE-2009-3304

GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorizedkeys files in users' home directories, related to deb-specific/sshdumpupdate.pl and cronjobs/cvs-cron/sshcreate.php...

6.2AI score0.00314EPSS
Exploits0References3
Debian
Debian
added 2009/12/03 12:46 p.m.15 views

[SECURITY] [DSA 1945-1] New gforge packages fix denial of service

------------------------------------------------------------------------ Debian Security Advisory DSA-1945-1 [email protected] http://www.debian.org/security/ Steffen Joeris December 03, 2009 http://www.debian.org/security/faq -...

3.3CVSS6.3AI score0.00314EPSS
Exploits0
OSV
OSV
added 2009/12/03 12:0 a.m.14 views

DSA-1945-1 gforge - denial of service

Bulletin has no description...

3.3CVSS6.4AI score0.00314EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/12/01 12:0 a.m.16 views

GForge Detection

The remote host is running GForge, an open source web-based project-management and collaboration software. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42963; scriptversion"1.11"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01";...

5.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2009/12/01 12:0 a.m.19 views

GForge help/tracker.php helpname Parameter XSS

The installed version of GForge fails to sanitize user-supplied input to the 'helpname' parameter in the 'help/tracker.php' script before using it to generate dynamic HTML content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into ...

4.3CVSS5.7AI score0.01679EPSS
Exploits0References3
securityvulns
securityvulns
added 2009/11/25 12:0 a.m.56 views

[SECURITY] [DSA 1937-1] New gforge packages fix cross-site scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1937-1 [email protected] http://www.debian.org/security/ Steffen Joeris November 21, 2009 http://www.debian.org/security/faq -...

4.3CVSS0.2AI score0.01679EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2009/11/24 5:30 p.m.29 views

CVE-2009-3303

Cross-site scripting XSS vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter...

4.3CVSS6AI score0.01679EPSS
Exploits0References2
Rows per page
Query Builder