CVE-2008-0173
https://notcve.org/view.php?id=CVE-2008-0173
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
• http://secunia.com/advisories/28395
• http://secunia.com/advisories/28451
• http://www.debian.org/security/2008/dsa-1459
• http://www.securityfocus.com/bid/27266
• http://www.vupen.com/english/advisories/2008/0115
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39666
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-3921
https://notcve.org/view.php?id=CVE-2007-3921
gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.
• http://osvdb.org/42117
• http://secunia.com/advisories/27549
• http://secunia.com/advisories/27586
• http://www.debian.org/security/2007/dsa-1402
• http://www.securityfocus.com/bid/26373
• http://www.vupen.com/english/advisories/2007/3773
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38329
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2007-3918
https://notcve.org/view.php?id=CVE-2007-3918
Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter.
• http://gforge.org/scm/viewvc.php/trunk/gforge/www/account/verify.php?root=gforge&r1=5967&r2=6092
• http://gforge.org/tracker/?func=detail&atid=105&aid=3094&group_id=1
• http://secunia.com/advisories/27042
• http://secunia.com/advisories/27046
• http://www.debian.org/security/2007/dsa-1383
• http://www.securityfocus.com/bid/25923
• http://www.vupen.com/english/advisories/2007/3356
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-4966 – GForge < 4.6b2 - 'skill_delete' SQL Injection
https://notcve.org/view.php?id=CVE-2007-4966
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
• https://www.exploit-db.com/exploits/4404
• http://secunia.com/advisories/26803
• http://www.portcullis.co.uk/179.php
• http://www.securityfocus.com/bid/25665
• http://www.vupen.com/english/advisories/2007/3174
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48844
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-3913 – GForge < 4.6b2 - 'skill_delete' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3913
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
• https://www.exploit-db.com/exploits/4404
• http://secunia.com/advisories/26723
• http://www.debian.org/security/2007/dsa-1369
• http://www.securityfocus.com/bid/25585
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36505
• CWE-20: Improper Input Validation
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')