78 matches found
CVE-2010-1520
CVE-2010-1520: TaskFreak! is affected by a Cross-Site Scripting vulnerability in logout.php via the tznMessage parameter in original multi-user releases before 0.6.4. The issue allows remote attackers to inject arbitrary HTML/script when a user loads the affected logout page. Multiple sources cor...
CVE-2010-1520
Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter...
CVE-2010-1521
SQL injection vulnerability in include/classes/tzn_user.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to execute arbitrary SQL commands via the password parameter to login.php...
CVE-2010-1521
CVE-2010-1521 describes a SQL injection in TaskFreak! Original (multi-user) before 0.6.4, exploitable via the password parameter in login.php to execute arbitrary SQL. Public references in the connected data confirm the vulnerable file include/classes/tzn_user.php and the input field used for aut...
TaskFreak! logout.php tznMessage Parameter XSS
The version of TaskFreak! on the remote host is affected by a cross-site scripting vulnerability involving the 'tznMessage' parameter of the 'logout.php' script. A remote attacker may be able to exploit this by tricking a user into making a specially crafted GET request. There is also reportedly...
Secunia Research: TaskFreak "password" SQL Injection Vulnerability
Secunia Research 29/06/2010 - TaskFreak "password" SQL Injection Vulnerability - Table of Contents Affected...
Secunia Research: TaskFreak "tznMessage" Cross-Site Scripting Vulnerability
Secunia Research 29/06/2010 - TaskFreak "tznMessage" Cross-Site Scripting Vulnerability - Table of Contents Affected...
TaskFreak! < 0.6.3 SQLi Vulnerability
TaskFreak! is prone to an SQL injection (SQLi) vulnerability. Copyright (C) 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Task Freak 'loadByKey()' SQL Injection Vulnerability
This host is running Task Freak and is prone to SQL Injection Vulnerability. OpenVAS Vulnerability Test $Id: secpodtaskfreaksqlinjvuln.nasl 5838 2017-04-03 10:26:36Z cfi $ Task Freak 'loadByKey' SQL Injection Vulnerability Authors: Madhuri D Copyright: Copyright (c) 2010 SecPod, http://www.secpod.com...
TaskFreak! Detection (HTTP)
HTTP based detection of TaskFreak!. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.902053");...
CVE-2010-1583
SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action...
CVE-2010-1583
The connected OpenVAS/NASL entry confirms a concrete SQL injection in TaskFreak! 0.6.x using the Tirzen Framework 1.5, affecting the loadByKey() path in TznDbConnection (tzn_mysql.php). The vulnerability is exploitable via the username field in login, permitting unauthenticated remote attackers t...
TaskFreak! loadByKey() SQL Injection
The version of TaskFreak installed on the remote host includes a version of the Tirzen Framework that fails to sanitize input to the 'loadByKey' function in the TznDbConnection class before using it in database queries. An unauthenticated, remote attacker can leverage this issue to launch a SQL...
TaskFreak! Detection
The remote web server hosts TaskFreak!, an open source task management application written in PHP. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include("compat.inc"); if (description) { script_id(46223); script_version("1.8");...
TaskFreak! Default Credentials
The installation of TaskFreak! hosted on the remote web server uses the default username and password to control access to its administrative console. Knowing these, an attacker can gain control of the affected application. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc...
SQL injection
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter...
CVE-2008-0270
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter...
CVE-2008-0270
CVE-2008-0270 affects TaskFreak! prior to or including version 0.6.1, where an SQL injection exists in index.php triggered by the sContext parameter. The vulnerability allows remote authenticated users to execute arbitrary SQL commands. This is supported by multiple sources in the connected docum...
CVE-2008-0270
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter...
taskfreak-sql.txt
TheDefaced.org TheDefaced Security Team Presents An 0-day. TaskFreak! SQL Injection Product: TaskFreak!/Discovered in ==0.6.1 Vuln: Remote SQL Injection Description: The request is not sanitized...