24 matches found
PT-2026-39521
ProjectSend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit.php. Attackers can inject JavaScript payloads through the file name field that execute in the...
CVE-2026-4045
A flaw has been found in ProjectSend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...
CVE-2023-53905
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files...
CVE-2023-53930 ProjectSend r1605 Insecure Direct Object Reference File Download Vulnerability
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.p...
CVE-2025-13232
CVE-2025-13232 affects ProjectSend up to r1720, specifically the File Editor/Custom Download Aliases component. The issue is a cross-site scripting vulnerability arising from manipulation of an unknown function within that component, enabling remote exploitation. Public exploit exists and has bee...
EUVD-2014-9394
Malware in sbrugna...
EUVD-2017-18671
Malware in sbrugna...
EUVD-2017-11108
Malware in sbrugna...
EUVD-2019-3204
Malware in sbrugna...
EUVD-2016-1731
Malware in sbrugna...
EUVD-2016-1730
Malware in sbrugna...
EUVD-2021-28041
Malicious code in bioql PyPI...
EUVD-2021-28043
Malicious code in bioql PyPI...
CVE-2019-11378
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finishedfiles=../ directory traversal. It is possible for users to read arbitrary files and potentially access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code...
CVE-2017-20101
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zipdownload. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely...
CVE-2024-11680
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
PT-2024-8801
Name of the Vulnerable Software and Affected Versions: ProjectSend versions prior to r1720. Description: The issue is related to an improper authentication vulnerability in ProjectSend, allowing remote, unauthenticated attackers to modify the application's configuration by sending crafted HTTP...
ProjectSend R1605 Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploadin...
ProjectSend Directory Traversal Vulnerability
ProjectSend is a free, client-oriented, private file sharing web application. A directory traversal vulnerability exists in ProjectSend version r1295. An attacker can exploit this vulnerability by adding the value 2 to the chunks parameter to bypass fileName validation...
CVE-2021-40886
ProjectSend version r1295 is affected by a directory traversal vulnerability. A user with the Uploader role can add the value 2 for the chunks parameter to bypass fileName sanitization...