Search criteria
12 vulnerabilities found for taskjitsu by pkr_internet
FKIE_CVE-2006-5184
Vulnerability from fkie_nvd - Published: 2006-10-10 04:06 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pkr_internet | taskjitsu | * | |
| pkr_internet | taskjitsu | 0.1 | |
| pkr_internet | taskjitsu | 2.0 | |
| pkr_internet | taskjitsu | 2.0.1 | |
| pkr_internet | taskjitsu | 2.0.3 | |
| pkr_internet | taskjitsu | 2.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pkr_internet:taskjitsu:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1E8533-66A1-443A-A084-110815EBB92B",
"versionEndIncluding": "2.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pkr_internet:taskjitsu:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9546620-3256-4D85-A144-789A12C5F89D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pkr_internet:taskjitsu:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A03C9348-DD01-4CB3-A5E4-153A8AFA7024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pkr_internet:taskjitsu:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "019F8F95-DA8B-4C97-804F-580D6D47FEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pkr_internet:taskjitsu:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19EABEE0-5CAD-40BA-9E6F-D98A609FFBC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pkr_internet:taskjitsu:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D41B4E57-5DC9-4C00-95D8-651DD3DC33E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en PKR Internet Taskjitsu anterior a 2.0.6 permite a un atacante remoto ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro key, cuando el l\u00edmite del par\u00e1metro consulta est\u00e1 asignado a customerid."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nPKR Internet, Taskjitsu, 2.0.6",
"id": "CVE-2006-5184",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-10T04:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22257"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016978"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20332"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3903"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"URL Repurposed"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"URL Repurposed"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3517"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3958
Vulnerability from fkie_nvd - Published: 2006-08-01 21:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) "Pages that display task status, email addresses, URL, customer, and project information."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pkr_internet | taskjitsu | 2.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pkr_internet:taskjitsu:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19EABEE0-5CAD-40BA-9E6F-D98A609FFBC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) \"Pages that display task status, email addresses, URL, customer, and project information.\""
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Taskjitsu 2.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del sistema (1) Search Tasks, o usuarios validados a trav\u00e9s del sistema (2)Edit Task, (3) el sistema back-end Category Editor, y (4) P\u00e1ginas que muestran el estado de la tarea, direcci\u00f3n email, URL, cliente, y informaci\u00f3n deol proyecto\"."
}
],
"id": "CVE-2006-3958",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-08-01T21:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21242"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/27637"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19251"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3058"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28178"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/27637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3477"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3398
Vulnerability from fkie_nvd - Published: 2006-07-06 20:05 - Updated: 2025-04-03 01:03
Severity ?
Summary
The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pkr_internet | taskjitsu | 0.1 | |
| pkr_internet | taskjitsu | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pkr_internet:taskjitsu:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9546620-3256-4D85-A144-789A12C5F89D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pkr_internet:taskjitsu:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A03C9348-DD01-4CB3-A5E4-153A8AFA7024",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"change password forms\" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor."
},
{
"lang": "es",
"value": "El formulario de cambio de contrase\u00f1as en las versiones de Taskjitsu anteriores a la 2.0.1 incluye los hashes (funciones resumen) de las contrase\u00f1as en los campos ocultos del formulario, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a partir de (1) el Editor de categor\u00edas y (2) el editor de informaci\u00f3n de usuario."
}
],
"id": "CVE-2006-3398",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-06T20:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2660"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3400"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3397
Vulnerability from fkie_nvd - Published: 2006-07-06 20:05 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pkr_internet | taskjitsu | 0.1 | |
| pkr_internet | taskjitsu | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pkr_internet:taskjitsu:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9546620-3256-4D85-A144-789A12C5F89D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pkr_internet:taskjitsu:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A03C9348-DD01-4CB3-A5E4-153A8AFA7024",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Taskjitsu anterior a v2.0.1 permite a atacantes remotos inyectar inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s de m\u00faltiples par\u00e1metros sin especificar, incluyendo (1) el t\u00edtulo y (2)la descripci\u00f3n de par\u00e1metros cuando se crea una tarea."
}
],
"id": "CVE-2006-3397",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-06T20:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20912"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18818"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2660"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27533"
},
{
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3313"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2006-5184 (GCVE-0-2006-5184)
Vulnerability from cvelistv5 – Published: 2006-10-06 19:00 – Updated: 2024-08-07 19:41
VLAI?
Summary
SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3517"
},
{
"name": "1016978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016978"
},
{
"name": "20332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20332"
},
{
"name": "22257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3903"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-10-18T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3517"
},
{
"name": "1016978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016978"
},
{
"name": "20332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20332"
},
{
"name": "22257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3903"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pkrinternet.com/taskjitsu/task/3517",
"refsource": "CONFIRM",
"url": "https://www.pkrinternet.com/taskjitsu/task/3517"
},
{
"name": "1016978",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016978"
},
{
"name": "20332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20332"
},
{
"name": "22257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22257"
},
{
"name": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt",
"refsource": "CONFIRM",
"url": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3903"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5184",
"datePublished": "2006-10-06T19:00:00",
"dateReserved": "2006-10-06T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3958 (GCVE-0-2006-3958)
Vulnerability from cvelistv5 – Published: 2006-08-01 21:00 – Updated: 2024-08-07 18:48
VLAI?
Summary
Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) "Pages that display task status, email addresses, URL, customer, and project information."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3477"
},
{
"name": "19251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19251"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3058",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3058"
},
{
"name": "27637",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27637"
},
{
"name": "21242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21242"
},
{
"name": "taskjitsu-unspecified-xss(28178)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) \"Pages that display task status, email addresses, URL, customer, and project information.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3477"
},
{
"name": "19251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19251"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3058",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3058"
},
{
"name": "27637",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27637"
},
{
"name": "21242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21242"
},
{
"name": "taskjitsu-unspecified-xss(28178)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28178"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) \"Pages that display task status, email addresses, URL, customer, and project information.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pkrinternet.com/taskjitsu/task/3477",
"refsource": "CONFIRM",
"url": "https://www.pkrinternet.com/taskjitsu/task/3477"
},
{
"name": "19251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19251"
},
{
"name": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt",
"refsource": "CONFIRM",
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3058",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3058"
},
{
"name": "27637",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27637"
},
{
"name": "21242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21242"
},
{
"name": "taskjitsu-unspecified-xss(28178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28178"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3958",
"datePublished": "2006-08-01T21:00:00",
"dateReserved": "2006-08-01T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3397 (GCVE-0-2006-3397)
Vulnerability from cvelistv5 – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:30
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:32.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "taskjitsu-task-xss(27533)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27533"
},
{
"name": "20912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20912"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3313"
},
{
"name": "18818",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18818"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-2660",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "taskjitsu-task-xss(27533)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27533"
},
{
"name": "20912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20912"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3313"
},
{
"name": "18818",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18818"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-2660",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "taskjitsu-task-xss(27533)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27533"
},
{
"name": "20912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20912"
},
{
"name": "https://www.pkrinternet.com/taskjitsu/task/3313",
"refsource": "MISC",
"url": "https://www.pkrinternet.com/taskjitsu/task/3313"
},
{
"name": "18818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18818"
},
{
"name": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt",
"refsource": "CONFIRM",
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-2660",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3397",
"datePublished": "2006-07-06T20:00:00",
"dateReserved": "2006-07-06T00:00:00",
"dateUpdated": "2024-08-07T18:30:32.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3398 (GCVE-0-2006-3398)
Vulnerability from cvelistv5 – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:30
VLAI?
Summary
The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:32.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3400"
},
{
"name": "ADV-2006-2660",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"change password forms\" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3400"
},
{
"name": "ADV-2006-2660",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"change password forms\" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt",
"refsource": "CONFIRM",
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "https://www.pkrinternet.com/taskjitsu/task/3400",
"refsource": "MISC",
"url": "https://www.pkrinternet.com/taskjitsu/task/3400"
},
{
"name": "ADV-2006-2660",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3398",
"datePublished": "2006-07-06T20:00:00",
"dateReserved": "2006-07-06T00:00:00",
"dateUpdated": "2024-08-07T18:30:32.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5184 (GCVE-0-2006-5184)
Vulnerability from nvd – Published: 2006-10-06 19:00 – Updated: 2024-08-07 19:41
VLAI?
Summary
SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3517"
},
{
"name": "1016978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016978"
},
{
"name": "20332",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20332"
},
{
"name": "22257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3903"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-10-18T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3517"
},
{
"name": "1016978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016978"
},
{
"name": "20332",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20332"
},
{
"name": "22257",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3903",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3903"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pkrinternet.com/taskjitsu/task/3517",
"refsource": "CONFIRM",
"url": "https://www.pkrinternet.com/taskjitsu/task/3517"
},
{
"name": "1016978",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016978"
},
{
"name": "20332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20332"
},
{
"name": "22257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22257"
},
{
"name": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt",
"refsource": "CONFIRM",
"url": "https://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3903",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3903"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5184",
"datePublished": "2006-10-06T19:00:00",
"dateReserved": "2006-10-06T00:00:00",
"dateUpdated": "2024-08-07T19:41:05.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3958 (GCVE-0-2006-3958)
Vulnerability from nvd – Published: 2006-08-01 21:00 – Updated: 2024-08-07 18:48
VLAI?
Summary
Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) "Pages that display task status, email addresses, URL, customer, and project information."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3477"
},
{
"name": "19251",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19251"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3058",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3058"
},
{
"name": "27637",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27637"
},
{
"name": "21242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21242"
},
{
"name": "taskjitsu-unspecified-xss(28178)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) \"Pages that display task status, email addresses, URL, customer, and project information.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3477"
},
{
"name": "19251",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19251"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3058",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3058"
},
{
"name": "27637",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27637"
},
{
"name": "21242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21242"
},
{
"name": "taskjitsu-unspecified-xss(28178)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28178"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) \"Pages that display task status, email addresses, URL, customer, and project information.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pkrinternet.com/taskjitsu/task/3477",
"refsource": "CONFIRM",
"url": "https://www.pkrinternet.com/taskjitsu/task/3477"
},
{
"name": "19251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19251"
},
{
"name": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt",
"refsource": "CONFIRM",
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-3058",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3058"
},
{
"name": "27637",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27637"
},
{
"name": "21242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21242"
},
{
"name": "taskjitsu-unspecified-xss(28178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28178"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3958",
"datePublished": "2006-08-01T21:00:00",
"dateReserved": "2006-08-01T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3397 (GCVE-0-2006-3397)
Vulnerability from nvd – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:30
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:32.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "taskjitsu-task-xss(27533)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27533"
},
{
"name": "20912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20912"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3313"
},
{
"name": "18818",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18818"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-2660",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "taskjitsu-task-xss(27533)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27533"
},
{
"name": "20912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20912"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3313"
},
{
"name": "18818",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18818"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-2660",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a task."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "taskjitsu-task-xss(27533)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27533"
},
{
"name": "20912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20912"
},
{
"name": "https://www.pkrinternet.com/taskjitsu/task/3313",
"refsource": "MISC",
"url": "https://www.pkrinternet.com/taskjitsu/task/3313"
},
{
"name": "18818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18818"
},
{
"name": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt",
"refsource": "CONFIRM",
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "ADV-2006-2660",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3397",
"datePublished": "2006-07-06T20:00:00",
"dateReserved": "2006-07-06T00:00:00",
"dateUpdated": "2024-08-07T18:30:32.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3398 (GCVE-0-2006-3398)
Vulnerability from nvd – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:30
VLAI?
Summary
The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:32.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3400"
},
{
"name": "ADV-2006-2660",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"change password forms\" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pkrinternet.com/taskjitsu/task/3400"
},
{
"name": "ADV-2006-2660",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"change password forms\" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt",
"refsource": "CONFIRM",
"url": "http://www.pkrinternet.com/download/RELEASE-NOTES.txt"
},
{
"name": "https://www.pkrinternet.com/taskjitsu/task/3400",
"refsource": "MISC",
"url": "https://www.pkrinternet.com/taskjitsu/task/3400"
},
{
"name": "ADV-2006-2660",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2660"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3398",
"datePublished": "2006-07-06T20:00:00",
"dateReserved": "2006-07-06T00:00:00",
"dateUpdated": "2024-08-07T18:30:32.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}