4 matches found
CVE-2010-1521
CVE-2010-1521 describes a SQL injection in TaskFreak! Original (multi-user) before 0.6.4, exploitable via the password parameter in login.php to execute arbitrary SQL. Public references in the connected data confirm the vulnerable file include/classes/tzn_user.php and the input field used for aut...
CVE-2010-1520
CVE-2010-1520: TaskFreak! Original (multi-user) releases before 0.6.4 are affected by a cross-site scripting (XSS) vulnerability in logout.php via the tznMessage parameter. The issue allows remote attackers to inject arbitrary HTML/script when a user loads the affected logout page. Multiple sources cor...
CVE-2010-1583
The connected OpenVAS/NASL entry confirms a concrete SQL injection in TaskFreak! 0.6.x using the Tirzen Framework 1.5, affecting the loadByKey() path in TznDbConnection (tzn_mysql.php). The vulnerability is exploitable via the username field in login, permitting unauthenticated remote attackers t...
CVE-2011-1062
TaskFreak! 0.6.4 exposes multiple XSS vulnerabilities in include/html/header.php allowing injection via (1) sContext, (2) sort, (3) dir, (4) show in index.php; (5) dir, (6) show in print_list.php; and (7) Referer header to rss.php. No remediation details are provided in the supplied documents; no...