
CVSS: 3.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

GForge 4.5.14, 4.7 rc2, and 4.8.2 allow local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.pl and cronjobs/cvs-cron/ssh_create.php.

• http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch13.diff.gz
• http://www.debian.org/security/2009/dsa-1945
• http://www.securityfocus.com/bid/37195
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors.

• http://secunia.com/advisories/35458
• http://www.debian.org/security/2009/dsa-1818
• http://www.securityfocus.com/bid/35424
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

• http://secunia.com/advisories/35458
• http://www.debian.org/security/2009/dsa-1818
• http://www.securityfocus.com/bid/35424
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter.

• http://secunia.com/advisories/37450
• http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch12.diff.gz
• http://www.debian.org/security/2009/dsa-1937
• http://www.securityfocus.com/bid/37088
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 13 | EXPL: 3

SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.

• https://www.exploit-db.com/exploits/6708
• http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105
• http://secunia.com/advisories/32217
• http://www.securityfocus.com/bid/31674
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48851
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')