BIT-OPENPROJECT-2023-33960

OpenProject is web-based project management software. For any OpenProject installation, a robots.txt file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to...

CVE-2021-32763

OpenProject prior to 11.3.3 is affected by CVE-2021-32763 due to a Regular Expression Denial of Service in the MessagesController.quote method, which uses a regex to strip tags from quoted forum messages. The problematic pattern (.|\s) allows backtracking when encountering an unterminated tag w...

USN-4590-1: Collabtive vulnerability

It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code. CVE-2015-0258...

Debian: Security Advisory (DLA-2125-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

qdPM 9.1 - search[keywords] Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: qdPM 9.1 - 'searchkeywords' XSS Injection CVE: CVE-2019-8390 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software...

qdPM 9.1 - 'type' Cross-Site Scripting

=========================================================================================== Exploit Title: qdPM 9.1 - 'type' XSS Injection CVE: CVE-2019-8391. Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...

Complain Management System Hard-Coded Credentials / Blind SQL Injection

Exploit Title : Complain Management System Blind SQL Injection Date: 10 October 2017 Exploit Author: havysec Tested on: ubuntu14.04 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download Software:...

Complain Management System SQL Injection

Title : Complain Management System SQL Injection Date: 20 January 2017 Exploit Author: Sibusiso Sishi [email protected] Tested on: Windows7 x32 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download Software:...

Complain Management System - SQL injection Vulnerability

Exploit for php platform in category web applications Title : Complain Management System SQL Injection Date: 20 January 2017 Exploit Author: Sibusiso Sishi email protected Tested on: Windows7 x32 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download...

Celoxis 9.5 Cross Site Scripting Vulnerability

Celoxis versions 9.5 and below suffer from a cross site scripting vulnerability. ================================================================ Celoxis alert"XSS" Advisory Timeline -------------------- 08/10/2015 - Informed Vendor about Issue 08/10/2015 - Vendor responded 12/11/2015 - Reminded...

Collabtive 1.1 (managetimetracker.php, id param) - SQL Injection

No description provided by source. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || || Tested on Platform...

Debian Security Advisory DSA 2633-1 (fusionforge - privilege escalation)

Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories. OpenVAS Vulnerability Test $Id:...

DSA-2633-1 fusionforge - privilege escalation

Bulletin has no description...

Arbitrary File Upload/Execution in Collabtive

TITLE: Arbitrary File Upload/Execution in Collabtive DATE: 06-04-2012 PRODUCT: Collabtive Web-Based Project Management Software http://collabtive.o-dyn.de/ VERSIONS: 0.7.5, 0.6.1 confirmed. All versions = 0.7.5 probable RESEARCHER: Mark Hoopes [email protected]/ ADDITIONAL INFORMATION:...

GForge account/verify.php confirm_hash Parameter XSS

The remote host is running GForge, a web-based project for collaborative software development. The version of GForge installed on the remote host fails to sanitize user-supplied input to the 'confirmhash' parameter of the 'account/verify.php' script before using it to generate dynamic output. An...

GForge CVSWeb CGI cvsweb.php PATH_INFO Parameter Arbitrary Command Execution

The remote host is running GForge, a web-based project for collaborative software development. The version of GForge installed on the remote host fails to sanitize user-supplied input to the 'plugins/scmcvs/cvsweb.php' script before using it to execute a shell command. An unauthenticated attacker...

Trac: Cross-site scripting vulnerability

Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Impact A remote attacker could exploit this to inject and execute...