5 matches found
CVE-2002-1039
The vulnerability CVE-2002-1039 affects Double Choco Latte (DCL) prior to 20020706. A directory traversal in the Projects: Attachments feature lets remote attackers read arbitrary files by manipulating .. sequences during file download. The impact is described as partial confidentiality loss. No ...
CVE-2005-0887
The CVE-2005-0887 issue affects Double Choco Latte prior to 0.9.4.3. Root cause: eval() executed with user-supplied input via the menuAction variable in functions.inc.php or main.php, enabling remote arbitrary PHP code execution. Impact: partial confidentiality, integrity, and availability depend...
CVE-2005-0888
The vulnerability CVE-2005-0888 affects Double Choco Latte 0.9.4.3, where two XSS flaws exist in functions.inc.php allowing remote attackers to inject arbitrary script or HTML via the (1) class or (2) method name. The issue arises from improper handling of input parameters in those functions, lea...
CVE-2002-1037
CVE-2002-1037 describes a cross-site scripting vulnerability in Double Choco Latte (DCL) prior to 20020706. The issue allows remote attackers to inject arbitrary HTML, including script, into web pages via seven features: Ticket# Find, Priorities, Severities, Projects, WO# Find, Departments, and U...
CVE-2002-1038
CVE-2002-1038 concerns Double Choco Latte (DCL) prior to 20020706, where upload handling does not properly verify the file uploaded. This allows remote attackers to perform certain operations on arbitrary files via two features: (1) Projects: Upload File Attachment and (2) Work Orders: Import...