334 matches found
Information disclosure
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zipdownload. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely...
CVE-2017-20101 ProjectSend information disclosure
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zipdownload. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely...
CVE-2017-20101 ProjectSend information disclosure
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zipdownload. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely...
CVE-2017-20101
CVE-2017-20101 affects ProjectSend r754. A vulnerability in the file/process: process.php?do=zip_download allows manipulation of the argument client/file, leading to information disclosure. The flaw is exploitable remotely. Connected documents confirm the impact as an information disclosure vulne...
ProjectSend 信息泄露漏洞
ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in ProjectSend version r754, where the source application provides direct access to an object-based application that allows an attacker to bypass authorization and...
Projectsend Directory Traversal (CVE-2021-40887)
A directory traversal vulnerability exists in Projectsend. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Projectsend Cross Site Scripting
A cross-site scripting vulnerability exists in Projectsend. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Projectsend Information Disclosure Vulnerability
An information disclosure vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing web application. The vulnerability stems from the ids parameter in files-edit.php and the id parameter in process.php not checking for authorization. An attacker could exploit...
Projectsend Directory Traversal Vulnerability
ProjectSend is a free, client-oriented, private file sharing web application. A directory traversal vulnerability exists in Projectsend version r1295. An attacker can exploit this vulnerability by adding the value 2 to the chunks parameter to bypass fileName validation...
Projectsend directory traversal vulnerability
A directory traversal vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing Web application. The vulnerability stems from a lack of validation of the input to the files parameter. An attacker could exploit the vulnerability by adding ... /upload/files/...
CVE-2021-40886
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value 2 for chunks parameter to bypass fileName sanitization...
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...
CVE-2021-40886
Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value 2 for chunks parameter to bypass fileName sanitization...
CVE-2021-40888
Projectsend version r1295 is affected by Cross Site Scripting XSS due to lack of sanitization when echo output data in returnFilesIds function. A low privilege user can call this function through process.php file and execute scripting code...
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...
CVE-2021-40888
Projectsend version r1295 is affected by Cross Site Scripting XSS due to lack of sanitization when echo output data in returnFilesIds function. A low privilege user can call this function through process.php file and execute scripting code...
CVE-2021-40887
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...
Information disclosure
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...
Directory traversal
Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder...