334 matches found
ProjectSend CVS Injection Vulnerability
rojectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. A CVS injection vulnerability exists in versions prior to ProjectSend r1053 that affects victims who import data into Microsoft Excel...
CVE-2019-11492
ProjectSend before r1070 writes user passwords to the server logs...
Code injection
ProjectSend before r1070 writes user passwords to the server logs...
CVE-2019-11492
ProjectSend before r1070 writes user passwords to the server logs...
CVE-2019-11533
Cross-site scripting XSS vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
Cross-site scripting XSS vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML...
CVE-2019-11533
Cross-site scripting XSS vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML...
CVE-2019-11533
CVE-2019-11533 affects ProjectSend prior to r1070, with a cross-site scripting (XSS) vulnerability that could allow remote attackers to inject arbitrary script/HTML. The issue stems from insufficient input sanitization in the affected component, enabling client-side script execution in the contex...
CVE-2019-11533
Cross-site scripting XSS vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML...
CVE-2019-11492
CVE-2019-11492 affects ProjectSend before release r1070, where user passwords are written to server logs. This creates exposure of credentials via log data. According to NVD, the CVSS metrics indicate a network-accessible issue with low attack complexity and a medium (CVSS2) to high (CVSS3) base ...
CVE-2019-11492
ProjectSend before r1070 writes user passwords to the server logs...
CVE-2019-11378
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finishedfiles=../ directory traversal. It is possible for users to read arbitrary files and potentially access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code...
CVE-2019-11378
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finishedfiles=../ directory traversal. It is possible for users to read arbitrary files and potentially access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code...
Directory traversal
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finishedfiles=../ directory traversal. It is possible for users to read arbitrary files and potentially access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code...
CVE-2019-11378
ProjectSend (revision r1053) is affected by CVE-2019-11378 through the upload-process-form.php endpoint, where finished_files[]=../ enables directory traversal. This allows attackers to read arbitrary files and potentially access the supporting database, delete files, leak user passwords, or exec...
CVE-2019-11378
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finishedfiles=../ directory traversal. It is possible for users to read arbitrary files and potentially access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code...
Unspecified Vulnerability in ProjectSend
ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in version r582 of ProjectSend. An attacker could exploit the vulnerability to bypass authentication...
ProjectSend has an unspecified vulnerability (CNVD-2019-36884)
ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in version r582 of ProjectSend, no details of the vulnerability are provided at this time...
CVE-2016-10734
ProjectSend formerly cFTP r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...
CVE-2016-10732
ProjectSend formerly cFTP r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...