103 matches found
phpCollab 2.5 - Direct Request Multiple Protected Page Access
phpCollab 2.5 - Direct Request Multiple Protected Page Access source: https://www.securityfocus.com/bid/53675/info phpCollab is prone to an unauthorized-access and an arbitrary-file-upload vulnerabilities. Attackers can leverage these issues to gain unauthorized access to application data and to...
PHPCollab 2.5 - uploadfile.php Crafted Request Arbitrary Non-PHP File Upload
PHPCollab 2.5 - uploadfile.php Crafted Request Arbitrary Non-PHP File Upload source: https://www.securityfocus.com/bid/53675/info phpCollab is prone to an unauthorized-access and an arbitrary-file-upload vulnerabilities. Attackers can leverage these issues to gain unauthorized access to applicati...
PHPCollab 2.5 - 'uploadfile.php' Crafted Request Arbitrary Non-PHP File Upload
source: https://www.securityfocus.com/bid/53675/info phpCollab is prone to an unauthorized-access and an arbitrary-file-upload vulnerabilities. Attackers can leverage these issues to gain unauthorized access to application data and to upload and execute arbitrary code in the context of the...
phpCollab 2.5 - Database Backup Information Disclosure
phpCollab 2.5 - Database Backup Information Disclosure source: https://www.securityfocus.com/bid/53656/info phpCollab is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to download backup files that...
PHPCollab 2.5 Unauthenticated File Upload
Exploit Title: phpcollab upload files without any authentication Date: 3/5/2012 Author: team ' and 1=1-- Software Link: http://www.phpcollab.com/ Version: 2.5 Vulnerability was found during the AthCon IT Security Conference CTF CTF Organizer: echothrust During AthCon CTF the team ' and 1=1--...
PHPCollab 2.5 Unauthenticated Access
Date: 3/5/2012 Author: team ' and 1=1-- Software Link: http://www.phpcollab.com/ Version: 2.5 Vulnerability was found during the AthCon IT Security Conference CTF CTF organizer: echothrust We identified that the PhpCollab application installed under http://192.0.0.2/phpcollab/ allows the...
PHPCollab 2.5 Database Backup Disclosure
Exploit Title: phpcollab Unauthenticated Database Backup Download Date: 3/5/2012 Author: team ' and 1=1-- Software Link: http://www.phpcollab.com/ Version: 2.5 Vulnerability was found during the AthCon IT Security Conference CTF CTF organizer: echothrust During AthCon CTF the team ' and 1=1--...
phpCollab 2.5 - Database Backup Information Disclosure
source: https://www.securityfocus.com/bid/53656/info phpCollab is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to download backup files that contain sensitive information. Information harvested ma...
CVE-2011-3772
phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/notinewtopic.php and certain other files...
Information disclosure
phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/notinewtopic.php and certain other files...
CVE-2011-3772
phpCollab 2.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by topics/notinewtopic.php and certain other files...
CVE-2011-3772
CVE-2011-3772 affects phpCollab 2.5. Affected component/file access (e.g., topics/noti_newtopic.php) can trigger an error message that reveals the installation path, enabling information disclosure. The root cause is improper handling of requests to certain PHP files that leaks path information. ...
HTB22918: Path disclosure in phpCollab
Vulnerability ID: HTB22918 Reference: http://www.htbridge.ch/advisory/pathdisclosureinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Path disclosure Risk...
HTB22916: XSRF (CSRF) in phpCollab
Vulnerability ID: HTB22916 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: CSRF Cross-Site Request...
HTB22917: XSS vulnerabilities in phpCollab
Vulnerability ID: HTB22917 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Stored XSS Cross...
phpCollab 2.5 Multiple Vulnerabilities
Exploit for php platform in category web applications Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Low Credit: High-Tech...
phpcollab 2.5 - Multiple Vulnerabilities
phpcollab 2.5 - Multiple Vulnerabilities Vulnerability ID: HTB22916 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011...
phpcollab 2.5 - Multiple Vulnerabilities
Vulnerability ID: HTB22916 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: CSRF Cross-Site Request...
phpCollab 2.5 XSRF / XSS / Path Disclosure
================================= Vulnerability ID: HTB22918 Reference: http://www.htbridge.ch/advisory/pathdisclosureinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011...
Cross-site Request Forgery (CSRF) in phpCollab
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in phpCollab which can be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in phpCollab 1.1 The vulnerability exists due to insufficient validation of the request origin in...