BIT-OPENPROJECT-2023-33960

OpenProject is web-based project management software. For any OpenProject installation, a robots.txt file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to...

CVE-2021-32763

OpenProject prior to 11.3.3 is affected by CVE-2021-32763 due to a Regular Expression Denial of Service in the MessagesController.quote method, which uses a regex to strip tags from quoted forum messages. The problematic pattern (.|\s) allows backtracking when encountering an unterminated tag w...

USN-4590-1: Collabtive vulnerability

It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code. CVE-2015-0258...

Debian: Security Advisory (DLA-2125-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

qdPM 9.1 - search[keywords] Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: qdPM 9.1 - 'searchkeywords' XSS Injection CVE: CVE-2019-8390 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software...

qdPM 9.1 - 'type' Cross-Site Scripting

=========================================================================================== Exploit Title: qdPM 9.1 - 'type' XSS Injection CVE: CVE-2019-8391. Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...

Celoxis 9.5 Cross Site Scripting Vulnerability

Celoxis versions 9.5 and below suffer from a cross site scripting vulnerability. ================================================================ Celoxis alert"XSS" Advisory Timeline -------------------- 08/10/2015 - Informed Vendor about Issue 08/10/2015 - Vendor responded 12/11/2015 - Reminded...

Collabtive 1.1 (managetimetracker.php, id param) - SQL Injection

No description provided by source. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Collabtive Sql Injection || || Affected Version : 1.1 || || Vendor : http://collabtive.o-dyn.de/index.php || || Risk : Medium || || CVE-ID : 2013-6872 || || Tested on Platform...

DSA-2633-1 fusionforge - privilege escalation

Bulletin has no description...

Debian Security Advisory DSA 2633-1 (fusionforge - privilege escalation)

Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories. OpenVAS Vulnerability Test $Id:...

Arbitrary File Upload/Execution in Collabtive

TITLE: Arbitrary File Upload/Execution in Collabtive DATE: 06-04-2012 PRODUCT: Collabtive Web-Based Project Management Software http://collabtive.o-dyn.de/ VERSIONS: 0.7.5, 0.6.1 confirmed. All versions = 0.7.5 probable RESEARCHER: Mark Hoopes [email protected]/ ADDITIONAL INFORMATION:...

Trac: Cross-site scripting vulnerability

Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Impact A remote attacker could exploit this to inject and execute...