CVE-2016-10734

ProjectSend formerly cFTP r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...

CVE-2016-10733

ProjectSend formerly cFTP r582 allows directory traversal via file=../ in the process-zip-download.php query string...

CVE-2016-10732

ProjectSend formerly cFTP r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...

CVE-2016-10733

ProjectSend formerly cFTP r582 allows directory traversal via file=../ in the process-zip-download.php query string...

Authentication flaw

ProjectSend formerly cFTP r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...

Directory traversal

ProjectSend formerly cFTP r582 allows directory traversal via file=../ in the process-zip-download.php query string...

Sql injection

ProjectSend formerly cFTP r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selectedclients, clients.php with the request parameter status, process-zip-download.php with the...

CVE-2016-10731

ProjectSend formerly cFTP r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selectedclients, clients.php with the request parameter status, process-zip-download.php with the...

CVE-2016-10731

ProjectSend formerly cFTP r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selectedclients, clients.php with the request parameter status, process-zip-download.php with the...

Authentication flaw

ProjectSend formerly cFTP r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...

CVE-2016-10734

ProjectSend formerly cFTP r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...

CVE-2016-10731

CVE-2016-10731 affects ProjectSend (formerly cFTP) r582 and enables SQL injection via multiple PHP endpoints: manage-files.php (status, files), clients.php (selected_clients, status), process-zip-download.php (file), or home-log.php (action). Root cause: input parameters are used in SQL queries w...

CVE-2016-10732

ProjectSend formerly cFTP r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...

CVE-2016-10733

ProjectSend formerly cFTP r582 allows directory traversal via file=../ in the process-zip-download.php query string...

CVE-2016-10731

ProjectSend formerly cFTP r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selectedclients, clients.php with the request parameter status, process-zip-download.php with the...

CVE-2016-10734

ProjectSend (formerly cFTP) r582 contains an Insecure Direct Object Reference vulnerability in includes/actions.log.export.php. The CNVD entry notes that ProjectSend is a PHP/MySQL self-hosted application, and the NVD entry documents a high-impact issue with access control to object references. T...

CVE-2016-10733

ProjectSend (formerly cFTP) r582 is affected by a directory traversal vulnerability that can be triggered through the file parameter (file=../) in the process-zip-download.php query string. This vulnerability is documented in CVE-2016-10733. The impact is described in the associated CVSS metrics ...

CVE-2016-10732

ProjectSend (formerly cFTP) r582 contains an authentication bypass vulnerability that can be exploited via direct requests to users.php, home.php, edit-file.php?file_id=1, process-zip-download.php, or add_user_form_* parameters to users-add.php. The CVE-2016-10732 entry documents impact as authen...

ProjectSend - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: ProjectSend - SQL Injection Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: https://www.projectsend.org/ Software Link: https://www.projectsend.org/download/241/ Version: R1053 Tested on: ProjectSend version: R1053, php...

ProjectSend R1053 SQL Injection

Exploit Title: ProjectSend - SQL Injection Date: 27/07/2018 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: https://www.projectsend.org/ Software Link: https://www.projectsend.org/download/241/ Version: R1053 Tested on: ProjectSend version: R1053, php version: 7.0, MySQL version: 5.7 CVE :...