Search criteria
15 vulnerabilities by dotProject
CVE-2012-5702 (GCVE-0-2012-5702)
Vulnerability from cvelistv5 – Published: 2014-10-21 14:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "87627",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87627"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23124"
},
{
"name": "56624",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/"
},
{
"name": "dotproject-index-date-xss(80216)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80216"
},
{
"name": "51332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51332"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "87627",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87627"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23124"
},
{
"name": "56624",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/"
},
{
"name": "dotproject-index-date-xss(80216)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80216"
},
{
"name": "51332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51332"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "87627",
"refsource": "OSVDB",
"url": "http://osvdb.org/87627"
},
{
"name": "https://www.htbridge.com/advisory/HTB23124",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23124"
},
{
"name": "56624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56624"
},
{
"name": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/"
},
{
"name": "dotproject-index-date-xss(80216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80216"
},
{
"name": "51332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51332"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5702",
"datePublished": "2014-10-21T14:00:00",
"dateReserved": "2012-10-31T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5701 (GCVE-0-2012-5701)
Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "87625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87625"
},
{
"name": "dotproject-searchstring-sql-injection(80223)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80223"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23124"
},
{
"name": "56624",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56624"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "87625",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87625"
},
{
"name": "dotproject-searchstring-sql-injection(80223)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80223"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23124"
},
{
"name": "56624",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56624"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "87625",
"refsource": "OSVDB",
"url": "http://osvdb.org/87625"
},
{
"name": "dotproject-searchstring-sql-injection(80223)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80223"
},
{
"name": "https://www.htbridge.com/advisory/HTB23124",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23124"
},
{
"name": "56624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56624"
},
{
"name": "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html"
},
{
"name": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5701",
"datePublished": "2014-10-20T15:00:00",
"dateReserved": "2012-10-31T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3729 (GCVE-0-2011-3729)
Vulnerability from cvelistv5 – Published: 2011-09-23 23:00 – Updated: 2024-09-17 03:18
VLAI?
Summary
dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dotproject-2.1.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T23:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dotproject-2.1.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dotproject-2.1.4",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dotproject-2.1.4"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3729",
"datePublished": "2011-09-23T23:00:00Z",
"dateReserved": "2011-09-23T00:00:00Z",
"dateUpdated": "2024-09-17T03:18:06.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6747 (GCVE-0-2008-6747)
Vulnerability from cvelistv5 – Published: 2009-04-23 17:00 – Updated: 2024-08-07 11:42
VLAI?
Summary
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=21656\u0026release_id=616346"
},
{
"name": "dotproject-adminpage-unauth-access(43019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43019"
},
{
"name": "46143",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46143"
},
{
"name": "29679",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29679"
},
{
"name": "30470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=21656\u0026release_id=616346"
},
{
"name": "dotproject-adminpage-unauth-access(43019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43019"
},
{
"name": "46143",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46143"
},
{
"name": "29679",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29679"
},
{
"name": "30470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=21656\u0026release_id=616346",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=21656\u0026release_id=616346"
},
{
"name": "dotproject-adminpage-unauth-access(43019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43019"
},
{
"name": "46143",
"refsource": "OSVDB",
"url": "http://osvdb.org/46143"
},
{
"name": "29679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29679"
},
{
"name": "30470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6747",
"datePublished": "2009-04-23T17:00:00",
"dateReserved": "2009-04-23T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3886 (GCVE-0-2008-3886)
Vulnerability from cvelistv5 – Published: 2008-09-02 15:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstorm.linuxsecurity.com/0808-exploits/dotproject-sqlxss.txt"
},
{
"name": "dotproject-inactive-date-xss(44770)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44770"
},
{
"name": "31681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31681"
},
{
"name": "30924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstorm.linuxsecurity.com/0808-exploits/dotproject-sqlxss.txt"
},
{
"name": "dotproject-inactive-date-xss(44770)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44770"
},
{
"name": "31681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31681"
},
{
"name": "30924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter in a public calendar action, or (4) the type parameter in a ticketsmith action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstorm.linuxsecurity.com/0808-exploits/dotproject-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0808-exploits/dotproject-sqlxss.txt"
},
{
"name": "dotproject-inactive-date-xss(44770)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44770"
},
{
"name": "31681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31681"
},
{
"name": "30924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3886",
"datePublished": "2008-09-02T15:00:00",
"dateReserved": "2008-09-02T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3887 (GCVE-0-2008-3887)
Vulnerability from cvelistv5 – Published: 2008-09-02 15:00 – Updated: 2024-08-07 09:53
VLAI?
Summary
Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:53:00.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dotproject-tab-sql-injection(44771)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44771"
},
{
"name": "dotproject-userid-sql-injection(44772)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstorm.linuxsecurity.com/0808-exploits/dotproject-sqlxss.txt"
},
{
"name": "31681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31681"
},
{
"name": "30924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dotproject-tab-sql-injection(44771)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44771"
},
{
"name": "dotproject-userid-sql-injection(44772)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstorm.linuxsecurity.com/0808-exploits/dotproject-sqlxss.txt"
},
{
"name": "31681",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31681"
},
{
"name": "30924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dotproject-tab-sql-injection(44771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44771"
},
{
"name": "dotproject-userid-sql-injection(44772)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44772"
},
{
"name": "http://packetstorm.linuxsecurity.com/0808-exploits/dotproject-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0808-exploits/dotproject-sqlxss.txt"
},
{
"name": "31681",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31681"
},
{
"name": "30924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3887",
"datePublished": "2008-09-02T15:00:00",
"dateReserved": "2008-09-02T00:00:00",
"dateUpdated": "2024-08-07T09:53:00.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5486 (GCVE-0-2007-5486)
Vulnerability from cvelistv5 – Published: 2007-10-16 23:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26080",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26080"
},
{
"name": "27191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27191"
},
{
"name": "dotproject-companies-security-bypass(37202)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.dotproject.net/view.php?id=1910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.dotproject.net/index.php/Closed_Issues_/_Feature_Requests_-_2.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26080",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26080"
},
{
"name": "27191",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27191"
},
{
"name": "dotproject-companies-security-bypass(37202)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.dotproject.net/view.php?id=1910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.dotproject.net/index.php/Closed_Issues_/_Feature_Requests_-_2.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26080"
},
{
"name": "27191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27191"
},
{
"name": "dotproject-companies-security-bypass(37202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37202"
},
{
"name": "http://bugs.dotproject.net/view.php?id=1910",
"refsource": "CONFIRM",
"url": "http://bugs.dotproject.net/view.php?id=1910"
},
{
"name": "http://docs.dotproject.net/index.php/Closed_Issues_/_Feature_Requests_-_2.1",
"refsource": "CONFIRM",
"url": "http://docs.dotproject.net/index.php/Closed_Issues_/_Feature_Requests_-_2.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5486",
"datePublished": "2007-10-16T23:00:00",
"dateReserved": "2007-10-16T00:00:00",
"dateUpdated": "2024-08-07T15:31:58.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3226 (GCVE-0-2007-3226)
Vulnerability from cvelistv5 – Published: 2007-06-14 23:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36381",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36381"
},
{
"name": "ADV-2007-2214",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2214"
},
{
"name": "JVN#63602912",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2363602912/index.html"
},
{
"name": "24472",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24472"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=510005\u0026group_id=21656"
},
{
"name": "25638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25638"
},
{
"name": "dotproject-unspecified-xss(34865)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34865"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36381",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36381"
},
{
"name": "ADV-2007-2214",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2214"
},
{
"name": "JVN#63602912",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2363602912/index.html"
},
{
"name": "24472",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24472"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=510005\u0026group_id=21656"
},
{
"name": "25638",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25638"
},
{
"name": "dotproject-unspecified-xss(34865)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34865"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36381",
"refsource": "OSVDB",
"url": "http://osvdb.org/36381"
},
{
"name": "ADV-2007-2214",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2214"
},
{
"name": "JVN#63602912",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2363602912/index.html"
},
{
"name": "24472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24472"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=510005\u0026group_id=21656",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=510005\u0026group_id=21656"
},
{
"name": "25638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25638"
},
{
"name": "dotproject-unspecified-xss(34865)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34865"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3226",
"datePublished": "2007-06-14T23:00:00",
"dateReserved": "2007-06-14T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4234 (GCVE-0-2006-4234)
Vulnerability from cvelistv5 – Published: 2006-08-18 19:55 – Updated: 2024-08-07 19:06
VLAI?
Summary
PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:06.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-3297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3297"
},
{
"name": "dotproject-class-file-include(28401)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28401"
},
{
"name": "19547",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19547"
},
{
"name": "2191",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-3297",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3297"
},
{
"name": "dotproject-class-file-include(28401)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28401"
},
{
"name": "19547",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19547"
},
{
"name": "2191",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-3297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3297"
},
{
"name": "dotproject-class-file-include(28401)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28401"
},
{
"name": "19547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19547"
},
{
"name": "2191",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4234",
"datePublished": "2006-08-18T19:55:00",
"dateReserved": "2006-08-18T00:00:00",
"dateUpdated": "2024-08-07T19:06:06.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3240 (GCVE-0-2006-3240)
Vulnerability from cvelistv5 – Published: 2006-06-27 10:00 – Updated: 2024-08-07 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2509"
},
{
"name": "20822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20822"
},
{
"name": "dotproject-classesuiclass-xss(27585)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27585"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dotproject.cvs.sourceforge.net/dotproject/dotproject/classes/ui.class.php?r1=1.113\u0026r2=1.114"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=427236"
},
{
"name": "18650",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18650"
},
{
"name": "JVN#39188922",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2339188922/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2509"
},
{
"name": "20822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20822"
},
{
"name": "dotproject-classesuiclass-xss(27585)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27585"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dotproject.cvs.sourceforge.net/dotproject/dotproject/classes/ui.class.php?r1=1.113\u0026r2=1.114"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=427236"
},
{
"name": "18650",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18650"
},
{
"name": "JVN#39188922",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2339188922/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2509"
},
{
"name": "20822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20822"
},
{
"name": "dotproject-classesuiclass-xss(27585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27585"
},
{
"name": "http://dotproject.cvs.sourceforge.net/dotproject/dotproject/classes/ui.class.php?r1=1.113\u0026r2=1.114",
"refsource": "CONFIRM",
"url": "http://dotproject.cvs.sourceforge.net/dotproject/dotproject/classes/ui.class.php?r1=1.113\u0026r2=1.114"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=427236",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=427236"
},
{
"name": "18650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18650"
},
{
"name": "JVN#39188922",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2339188922/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3240",
"datePublished": "2006-06-27T10:00:00",
"dateReserved": "2006-06-26T00:00:00",
"dateUpdated": "2024-08-07T18:23:21.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2851 (GCVE-0-2006-2851)
Vulnerability from cvelistv5 – Published: 2006-06-06 20:03 – Updated: 2024-08-07 18:06
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:26.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18275"
},
{
"name": "dotproject-xss(26904)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26904"
},
{
"name": "JVN#97636431",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2397636431/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=422371"
},
{
"name": "20418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20418"
},
{
"name": "ADV-2006-2124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2124"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18275"
},
{
"name": "dotproject-xss(26904)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26904"
},
{
"name": "JVN#97636431",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2397636431/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=422371"
},
{
"name": "20418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20418"
},
{
"name": "ADV-2006-2124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2124"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18275"
},
{
"name": "dotproject-xss(26904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26904"
},
{
"name": "JVN#97636431",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2397636431/index.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=422371",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=422371"
},
{
"name": "20418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20418"
},
{
"name": "ADV-2006-2124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2124"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2851",
"datePublished": "2006-06-06T20:03:00",
"dateReserved": "2006-06-05T00:00:00",
"dateUpdated": "2024-08-07T18:06:26.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0755 (GCVE-0-2006-0755)
Vulnerability from cvelistv5 – Published: 2006-02-18 02:00 – Updated: 2025-01-16 19:58
VLAI?
Summary
Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product
Severity ?
5.6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:56.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060214 dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name": "23210",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23210"
},
{
"name": "23216",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23216"
},
{
"name": "23217",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23217"
},
{
"name": "18879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18879"
},
{
"name": "23209",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23209"
},
{
"name": "16648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "23212",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23212"
},
{
"name": "23215",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23215"
},
{
"name": "dotproject-multiple-basedir-file-include(24738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24738"
},
{
"name": "23213",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23213"
},
{
"name": "ADV-2006-0604",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "23214",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23214"
},
{
"name": "23218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23218"
},
{
"name": "23211",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23211"
},
{
"name": "23219",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23219"
},
{
"name": "20060215 Re: dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2006-0755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T18:06:59.724935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T19:58:25.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060214 dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name": "23210",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23210"
},
{
"name": "23216",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23216"
},
{
"name": "23217",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23217"
},
{
"name": "18879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18879"
},
{
"name": "23209",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23209"
},
{
"name": "16648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "23212",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23212"
},
{
"name": "23215",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23215"
},
{
"name": "dotproject-multiple-basedir-file-include(24738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24738"
},
{
"name": "23213",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23213"
},
{
"name": "ADV-2006-0604",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "23214",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23214"
},
{
"name": "23218",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23218"
},
{
"name": "23211",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23211"
},
{
"name": "23219",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23219"
},
{
"name": "20060215 Re: dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060214 dotproject \u003c= 2.0.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name": "23210",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23210"
},
{
"name": "23216",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23216"
},
{
"name": "23217",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23217"
},
{
"name": "18879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18879"
},
{
"name": "23209",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23209"
},
{
"name": "16648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "23212",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23212"
},
{
"name": "23215",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23215"
},
{
"name": "dotproject-multiple-basedir-file-include(24738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24738"
},
{
"name": "23213",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23213"
},
{
"name": "ADV-2006-0604",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "23214",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23214"
},
{
"name": "23218",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23218"
},
{
"name": "23211",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23211"
},
{
"name": "23219",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23219"
},
{
"name": "20060215 Re: dotproject \u003c= 2.0.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0755",
"datePublished": "2006-02-18T02:00:00",
"dateReserved": "2006-02-18T00:00:00",
"dateUpdated": "2025-01-16T19:58:25.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0754 (GCVE-0-2006-0754)
Vulnerability from cvelistv5 – Published: 2006-02-18 02:00 – Updated: 2024-08-07 16:48
VLAI?
Summary
dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:55.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23206"
},
{
"name": "20060214 dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name": "dotproject-phpinfo-check-obtain-info(24745)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24745"
},
{
"name": "18879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18879"
},
{
"name": "16648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "ADV-2006-0604",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "20060215 Re: dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23206",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23206"
},
{
"name": "20060214 dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name": "dotproject-phpinfo-check-obtain-info(24745)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24745"
},
{
"name": "18879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18879"
},
{
"name": "16648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "ADV-2006-0604",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "20060215 Re: dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23206",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23206"
},
{
"name": "20060214 dotproject \u003c= 2.0.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name": "dotproject-phpinfo-check-obtain-info(24745)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24745"
},
{
"name": "18879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18879"
},
{
"name": "16648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "ADV-2006-0604",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "20060215 Re: dotproject \u003c= 2.0.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0754",
"datePublished": "2006-02-18T02:00:00",
"dateReserved": "2006-02-18T00:00:00",
"dateUpdated": "2024-08-07T16:48:55.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0756 (GCVE-0-2006-0756)
Vulnerability from cvelistv5 – Published: 2006-02-18 02:00 – Updated: 2024-08-07 16:48
VLAI?
Summary
dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:48:55.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "434",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/434"
},
{
"name": "20060214 dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name": "23207",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23207"
},
{
"name": "23208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23208"
},
{
"name": "dotproject-phpinfo-check-obtain-info(24745)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24745"
},
{
"name": "18879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18879"
},
{
"name": "16648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "ADV-2006-0604",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "20060215 Re: dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "434",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/434"
},
{
"name": "20060214 dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name": "23207",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23207"
},
{
"name": "23208",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23208"
},
{
"name": "dotproject-phpinfo-check-obtain-info(24745)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24745"
},
{
"name": "18879",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18879"
},
{
"name": "16648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "ADV-2006-0604",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "20060215 Re: dotproject \u003c= 2.0.1 remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "434",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/434"
},
{
"name": "20060214 dotproject \u003c= 2.0.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424957/100/0/threaded"
},
{
"name": "23207",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23207"
},
{
"name": "23208",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23208"
},
{
"name": "dotproject-phpinfo-check-obtain-info(24745)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24745"
},
{
"name": "18879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18879"
},
{
"name": "16648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16648"
},
{
"name": "ADV-2006-0604",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0604"
},
{
"name": "20060215 Re: dotproject \u003c= 2.0.1 remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425285/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0756",
"datePublished": "2006-02-18T02:00:00",
"dateReserved": "2006-02-18T00:00:00",
"dateUpdated": "2024-08-07T16:48:55.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1428 (GCVE-0-2002-1428)
Vulnerability from cvelistv5 – Published: 2003-03-18 05:00 – Updated: 2024-08-08 03:26
VLAI?
Summary
index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:26:28.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020728 php dotProject by pass authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0366.html"
},
{
"name": "dotproject-admin-access(9720)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9720.php"
},
{
"name": "5347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020728 php dotProject by pass authentication",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0366.html"
},
{
"name": "dotproject-admin-access(9720)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9720.php"
},
{
"name": "5347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5347"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020728 php dotProject by pass authentication",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0366.html"
},
{
"name": "dotproject-admin-access(9720)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9720.php"
},
{
"name": "5347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5347"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1428",
"datePublished": "2003-03-18T05:00:00",
"dateReserved": "2003-02-05T00:00:00",
"dateUpdated": "2024-08-08T03:26:28.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}