17 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-3916

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.01545
Exploits: 1, References: 3
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2015-3919

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.14399
Exploits: 4, References: 4
CNVD
added 2017/03/21 12:0 a.m., 3 views

qdPM Arbitrary File Upload Vulnerability

qdPM is a free, open source project management system based on the Symfony framework and developed using PHP and MySQL. An arbitrary file upload vulnerability exists in several pages in qdPM version 8.3. A remote attacker can exploit this vulnerability by sending a direct request to...

CVSS 8.8, AI score 7.7, EPSS 0.14399
Exploits: 4, References: 1
NVD
added 2017/03/17 2:59 p.m., 30 views

CVE-2015-3884

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the...

CVSS 8.8, AI score 9, EPSS 0.14399
Exploits: 4, References: 3
NVD
added 2017/03/17 2:59 p.m., 16 views

CVE-2015-3881

Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml...

CVSS 7.5, AI score 7.2, EPSS 0.01545
Exploits: 1, References: 2
NVD
added 2017/03/17 2:59 p.m., 11 views

CVE-2015-3882

qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/ID, which reveals the installation path in an error message...

CVSS 5.3, AI score 5.2, EPSS 0.01178
Exploits: 1, References: 2
Prion
added 2017/03/17 2:59 p.m., 13 views

Design/Logic Flaw

qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/ID, which reveals the installation path in an error message...

CVSS 5, AI score 6.7, EPSS 0.01178
Exploits: 1, References: 2, Affected Software: 1
Prion
added 2017/03/17 2:59 p.m., 28 views

Unrestricted file upload

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the...

CVSS 6.5, AI score 8.1, EPSS 0.14399
Exploits: 4, References: 3, Affected Software: 1
NVD
added 2017/03/17 2:59 p.m., 15 views

CVE-2015-3883

Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task na...

CVSS 6.1, AI score 6.1, EPSS 0.00797
Exploits: 1, References: 2
Prion
added 2017/03/17 2:59 p.m., 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task na...

CVSS 4.3, AI score 6, EPSS 0.00797
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2017/03/17 2:0 p.m., 20 views

CVE-2015-3881

Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml...

AI score 7.2, EPSS 0.01545
Exploits: 1, References: 2
Cvelist
added 2017/03/17 2:0 p.m., 31 views

CVE-2015-3884

Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the...

AI score 8.9, EPSS 0.14399
Exploits: 4, References: 3
Cvelist
added 2017/03/17 2:0 p.m., 17 views

CVE-2015-3882

qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/ID, which reveals the installation path in an error message...

AI score 5.1, EPSS 0.01178
Exploits: 1, References: 2
Cvelist
added 2017/03/17 2:0 p.m., 21 views

CVE-2015-3883

Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task na...

AI score 6.1, EPSS 0.00797
Exploits: 1, References: 2
CVE
added 2017/03/17 2:0 p.m., 69 views

CVE-2015-3884

qdPM contains an unrestricted file upload vulnerability (affecting 8.3 and earlier) that lets remote attackers upload executable files and access them via uploads/attachments/ or uploads/users/ to achieve RCE. The issue arises from allowing executable extensions and direct file access; Metasploit...

CVSS 8.8, AI score 8.9, EPSS 0.14399
Exploits: 4, References: 3, Affected Software: 1
CVE
added 2017/03/17 2:0 p.m., 44 views

CVE-2015-3883

qdPM 8.3 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML via various user-controlled inputs, including: search[keywords] on index.php/users, the Name of application on index.php/configuration, new project...

CVSS 6.1, AI score 6, EPSS 0.00797
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2017/03/17 2:0 p.m., 43 views

CVE-2015-3881

CVE-2015-3881 affects qdPM 8.3 and is an information disclosure issue. Multiple sources (NVD/CNVD entries) describe that an attacker can obtain sensitive information by forcing or performing a direct request to one of three files: core/config/databases.yml, core/log/qdPM_prod.log, or core/apps/qd...

CVSS 7.5, AI score 7.1, EPSS 0.01545
Exploits: 1, References: 2, Affected Software: 1