
CVE-2013-5027
https://notcve.org/view.php?id=CVE-2013-5027
27 Dec 2019 — Collabtive 1.0 has incorrect access control. • https://www.immuniweb.com/advisory/HTB23169 • CWE-269: Improper Privilege Management

CVE-2019-8935 – Collabtive 3.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-8935
30 Jan 2019 — Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. Collabtive version 3.1 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/151403 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-16242 – oBike Electronic Lock Bypass
https://notcve.org/view.php?id=CVE-2018-16242
13 Sep 2018 — oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol. • https://packetstorm.news/files/id/149357 • CWE-294: Authentication Bypass by Capture-replay

CVE-2015-0258 – Ubuntu Security Notice USN-4590-1
https://notcve.org/view.php?id=CVE-2015-0258
28 Sep 2015 — Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. • https://packetstorm.news/files/id/133736 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2015-0869
https://notcve.org/view.php?id=CVE-2015-0869
01 Feb 2015 — I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. • http://jvn.jp/en/jp/JVN27142693/index.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-7634
https://notcve.org/view.php?id=CVE-2014-7634
21 Oct 2014 — The Adopt O Pet (aka com.wFindAPet) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/537881 • CWE-310: Cryptographic Issues

CVE-2014-3247 – Collabtive 1.2 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-3247
15 May 2014 — Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php. • https://www.exploit-db.com/exploits/33250 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3246 – Collabtive 1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2014-3246
08 May 2014 — SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php. Collabtive version 1.12 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/126554 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2013-6872 – Collabtive 1.1 - 'managetimetracker.php' SQL Injection
https://notcve.org/view.php?id=CVE-2013-6872
14 Jan 2014 — SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action. Collabtive version 1.1 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/124777 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2010-5285 – Collabtive 0.65 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5285
26 Nov 2012 — Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action. • https://www.exploit-db.com/exploits/15240 • CWE-352: Cross-Site Request Forgery (CSRF)