Page 4 of 22 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php. ProjectSend (anteriormente cFTP) r582 permite la referencia directa insegura a objetos mediante includes/actions.log.export.php. • https://github.com/sandboxescape/ProjectSend-multiple-vulnerabilities • CWE-285: Improper Authorization •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated. Vulnerabilidad de Cross-Site Scripting (XSS) en ProjectSend (anteriormente cFTP) en versiones anteriores al commit con ID 6c3710430be26feb5371cb0377e5355d6f9a27ca permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el campo Description en un nombre de sitio actualizado. • https://github.com/ignacionelson/ProjectSend/compare/448/commits https://github.com/ignacionelson/ProjectSend/pull/448/commits/6c3710430be26feb5371cb0377e5355d6f9a27ca • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php. Vulnerabilidad de Cross-Site Scripting (XSS) en ProjectSend (anteriormente cFTP) en versiones anteriores al commit con ID 6c3710430be26feb5371cb0377e5355d6f9a27ca permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el campo Description en un nombre actualizado en My account. Esto se relaciona con home.php y actions-log.php. • https://github.com/ignacionelson/ProjectSend/pull/448/commits/6c3710430be26feb5371cb0377e5355d6f9a27ca • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. install/make-config.php en ProjectSend r754 permite que atacantes remotos ejecuten código PHP arbitrario mediante el parámetro dbprefix. Esto está relacionado con el reemplazo de TABLES_PREFIX en el archivo de configuración. • https://github.com/XiaoZhis/ProjectSend/issues/1 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 5

SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. Vulnerabilidad de inyección SQL en client-edit.php en ProjectSend (anteriormente cFTP) r561 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro id a users-edit.php. • https://www.exploit-db.com/exploits/36303 http://osvdb.org/show/osvdb/119169 http://packetstormsecurity.com/files/130691/ProjectSend-r561-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Mar/30 http://www.exploit-db.com/exploits/36303 http://www.itas.vn/news/itas-team-found-out-a-SQL-Injection-vulnerability-in-projectsend-r561-76.html http://www.securityfocus.com/archive/1/534832/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •