10 matches found
EUVD-2007-1569
Malware in sbrugna...
EUVD-2007-1570
Malware in sbrugna...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the checkcsrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magicquotesgpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the 1 Projects, 2 Contacts, 3 Helpdesk, 4 Notes, 5 Search...
CVE-2007-1638
Multiple cross-site request forgery CSRF vulnerabilities in the checkcsrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magicquotesgpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the 1 Projects, 2 Contacts, 3 Helpdesk, 4 Notes, 5 Search...
CVE-2007-1639
PHProjekt 5.2.0 contains an unrestricted file upload vulnerability (CVE-2007-1639) that allows an authenticated user to upload a PHP payload and execute code via a file with an executable extension, when magic_quotes_gpc is disabled. The issue can be triggered through modules such as calendar or ...
Sql injection
Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magicquotesgpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via 1 unspecified vectors to the a calendar and 2 search modules, and an 2 unspecified cookie when the user logs out...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in PHProjekt 5.2.0, when magicquotesgpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the 1 Projects, 2 Contacts, 3 Helpdesk, 4 Search only Gecko engine driven Browsers, and 5 Notes...
CVE-2007-1575
PHProjekt 5.2.0 is affected by multiple SQL injection vulnerabilities when magic_quotes_gpc is off, allowing remote authenticated users to execute arbitrary SQL via (a) calendar and (b) search module vectors and via a logout cookie. The issues are documented in CVE-2007-1575 and cited advisories ...
n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery
n.runs AG http://www.nruns.com/ security at nruns.com n.runs-SA-2007.005 14-Mar-2007 Vendor: Mayflower GmbH, http://www.mayflower.de Affected Products: PHProjekt 5.2.0 Vulnerability: Cross Site Request Forgery Risk: HIGH Vendor communication: 2006/12/31 initial notification of Mayflower 2007/01/0...
n.runs-SA-2007.006 - PHProjekt 5.2.0 - Privilege escalation
n.runs AG http://www.nruns.com/ security at nruns.com n.runs-SA-2007.006 14-Mar-2007 Vendor: Mayflower GmbH, http://www.mayflower.de Affected Products: PHProjekt 5.2.0 Vulnerability: Privilege escalation Risk: HIGH Vendor communication: 2006/12/31 initial notification of Mayflower 2007/01/02...