projects software vulnerabilities
vulnerabilities.aspcode.net
Searching projects software vulnerabilities
Open Projects Network Internet Relay Chat (IRC)
Projects
|
Internet
|
Network
|
Relay
|
Chat
|
Open
|
Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon.
Cross-site scripting vulnerability in Double Ch
vulnerability
|
Cross-site
|
scripting
|
Double
|
Latte
|
Choco
|
Cross-site scripting vulnerability in Double Choco Latte (DCL) before Saturday, July 06, 2002 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features.
Double Choco Latte (DCL) before 20020706 does n
Double
|
Latte
|
Choco
|
Double Choco Latte (DCL) before Saturday, July 06, 2002 does not properly verify if a file was uploaded, which allows remote attackers to conduct certain operations on arbitrary files via the (1) Projects: Upload File Attachment or (2) Work Orders: Import features.
** DISPUTED ** Multiple PHP remote file include
vulnerabilities
|
dotProject
|
DISPUTED
|
Multiple
|
include
|
remote
|
file
|
PHP
|
** DISPUTED ** Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product.
Xcode Tools before 2.3 for Mac OS X 10.4, when
before
|
Tools
|
Xcode
|
Mac
|
Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.
Multiple cross-site request forgery (CSRF) vuln
cross-site
|
Multiple
|
forgery
|
request
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files.
Software vulnerabilities results 1 to 8 of 8
Page:
1