CVE-2008-6188 – Gforge 4.6 rc1 - 'skill_edit' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6188
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter. Vulnerabilidad de inyección SQL en people/editprofile.php en Gforge 4.6 rc1 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "skill_edit[]". • https://www.exploit-db.com/exploits/6708 http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105 http://secunia.com/advisories/32217 http://www.securityfocus.com/bid/31674 https://exchange.xforce.ibmcloud.com/vulnerabilities/48851 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-6187 – GForge 4.5.19 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-6187
SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter. Vulnerabilidad de inyección SQL en frs/shownotes.php en Gforge v4.5.19 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "release_id". • https://www.exploit-db.com/exploits/6707 http://gforge.org/tracker/index.php?func=detail&aid=5553&group_id=1&atid=105 http://secunia.com/advisories/32217 http://www.securityfocus.com/bid/31674 https://exchange.xforce.ibmcloud.com/vulnerabilities/45811 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-0173
https://notcve.org/view.php?id=CVE-2008-0173
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. Vulnerabilidad de inyección SQL en Gforge 4.6.99 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través de parámetro no especificados, relacionado con la exportación de RSS. • http://secunia.com/advisories/28395 http://secunia.com/advisories/28451 http://www.debian.org/security/2008/dsa-1459 http://www.securityfocus.com/bid/27266 http://www.vupen.com/english/advisories/2008/0115 https://exchange.xforce.ibmcloud.com/vulnerabilities/39666 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2007-3921
https://notcve.org/view.php?id=CVE-2007-3921
gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files. gforge 3.1 y 4.5.14 permite a usuarios locales truncar archivos de su elección mediante un ataque de enlace simbólico (symlink attack) sobre archivos temporales. • http://osvdb.org/42117 http://secunia.com/advisories/27549 http://secunia.com/advisories/27586 http://www.debian.org/security/2007/dsa-1402 http://www.securityfocus.com/bid/26373 http://www.vupen.com/english/advisories/2007/3773 https://exchange.xforce.ibmcloud.com/vulnerabilities/38329 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2007-4966 – GForge < 4.6b2 - 'skill_delete' SQL Injection
https://notcve.org/view.php?id=CVE-2007-4966
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. Vulnerabilidad de inyección SQL en www/people/editprofile.php de GForge 4.6b2 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro skill_delete[]. • https://www.exploit-db.com/exploits/4404 http://secunia.com/advisories/26803 http://www.portcullis.co.uk/179.php http://www.securityfocus.com/bid/25665 http://www.vupen.com/english/advisories/2007/3174 https://exchange.xforce.ibmcloud.com/vulnerabilities/48844 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •