CVE-2017-7981 – Tuleap Project Wiki 8.3 < 9.6.99.86 - Command Injection
https://notcve.org/view.php?id=CVE-2017-7981
Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax="c;id"' line to execute the id command. Tuleap versions between 8.3 and 9.6.99.86 suffer from a remote command injection vulnerability.
References:
https://www.exploit-db.com/exploits/41953
https://github.com/xdrr/vulnerability-research/blob/master/webapp/tuleap/2017.04.tuleap-auth-ci.md
https://tuleap.net/file/shownotes.php?release_id=137#/linked-artifacts
https://tuleap.net/plugins/tracker/?aid=10159
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-8791 – Tuleap - PHP Unserialize Code Execution
https://notcve.org/view.php?id=CVE-2014-8791
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. Tuleap versions 7.6-4 and below suffer from a PHP object injection vulnerability in register.php.
References:
https://www.exploit-db.com/exploits/35545
http://karmainsecurity.com/KIS-2014-13
http://packetstormsecurity.com/files/129309/Tuleap-7.6-4-PHP-Object-Injection.html
http://seclists.org/fulldisclosure/2014/Nov/101
http://www.securityfocus.com/archive/1/534105/100/0/threaded
http://www.securityfocus.com/bid/71335
https://tuleap.net/plugins/tracker/?aid=7601
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2014-7178 – Enalean Tuleap 7.4.99.5 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2014-7178
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is passed to the passthru PHP function. Enalean Tuleap versions 7.4.99.5 and below suffer from a remote command execution vulnerability.
References:
https://www.exploit-db.com/exploits/35100
http://seclists.org/fulldisclosure/2014/Oct/121
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7178
https://www.tuleap.org/recent-vulnerabilities
CWE-20: Improper Input Validation
CVE-2014-7177 – Enalean Tuleap 7.2 - XML External Entity File Disclosure
https://notcve.org/view.php?id=CVE-2014-7177
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted XML document in a create action to plugins/tracker/. Enalean Tuleap versions 7.2 and below suffer from an XML external entity injection vulnerability.
References:
https://www.exploit-db.com/exploits/35099
http://seclists.org/fulldisclosure/2014/Oct/120
http://www.osvdb.org/113680
http://www.securityfocus.com/bid/70771
https://exchange.xforce.ibmcloud.com/vulnerabilities/98308
https://tuleap.net/plugins/git/tuleap/tuleap/stable?p=tuleap%2Fstable.git&a=blob&h=aed26cbae81410a981c4615bd7da1518f31c50d0&hb=29cbe3557a07c74f3d910648b8c5307e8faef65a&f=ChangeLog
https://tuleap.net/plugins/tracker/?aid=7458
https://www.portcullis-security.com/security-research-and-downloads/security-a
CVE-2014-7176 – Enalean Tuleap 7.4.99.5 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2014-7176
SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. Enalean Tuleap versions 7.4.99.5 and below suffer from a remote, authenticated blind SQL injection vulnerability.
References:
https://www.exploit-db.com/exploits/35098
https://www.exploit-db.com/exploits/35099
http://packetstormsecurity.com/files/128875/Tuleap-7.4.99.5-Blind-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Oct/119
http://www.exploit-db.com/exploits/35098
http://www.securityfocus.com/bid/70773
https://exchange.xforce.ibmcloud.com/vulnerabilities/98307
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7176
https://www.tuleap.org/recent-vulne
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')