Dotproject
Products
1- 15 CVEs
Recent CVEs
15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-0755 | Med | 0.40 | 5.6 | 0.08 | Feb 18, 2006 | Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5)… | ||
| CVE-2012-5702 | 0.03 | — | 0.02 | Oct 21, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in… | |||
| CVE-2012-5701 | 0.03 | — | 0.01 | Oct 20, 2014 | Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[]… | |||
| CVE-2006-4234 | 0.03 | — | 0.06 | Aug 18, 2006 | PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter. | |||
| CVE-2002-1428 | 0.03 | — | 0.06 | Apr 11, 2003 | index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1. | |||
| CVE-2011-3729 | 0.00 | — | 0.01 | Sep 23, 2011 | dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files. | |||
| CVE-2008-6747 | 0.00 | — | 0.01 | Apr 23, 2009 | dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-3887 | 0.00 | — | 0.01 | Sep 2, 2008 | Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the… | |||
| CVE-2008-3886 | 0.00 | — | 0.01 | Sep 2, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter… | |||
| CVE-2007-5486 | 0.00 | — | 0.01 | Oct 16, 2007 | dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information. | |||
| CVE-2007-3226 | 0.00 | — | 0.01 | Jun 14, 2007 | Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240. | |||
| CVE-2006-3240 | 0.00 | — | 0.02 | Jun 27, 2006 | Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter. | |||
| CVE-2006-2851 | 0.00 | — | 0.01 | Jun 6, 2006 | Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer. | |||
| CVE-2006-0756 | 0.00 | — | 0.02 | Feb 18, 2006 | dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if… | |||
| CVE-2006-0754 | 0.00 | — | 0.02 | Feb 18, 2006 | dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could… |
- risk 0.40cvss 5.6epss 0.08
Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5)…
- CVE-2012-5702Oct 21, 2014risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in…
- CVE-2012-5701Oct 20, 2014risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[]…
- CVE-2006-4234Aug 18, 2006risk 0.03cvss —epss 0.06
PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
- CVE-2002-1428Apr 11, 2003risk 0.03cvss —epss 0.06
index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.
- CVE-2011-3729Sep 23, 2011risk 0.00cvss —epss 0.01
dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files.
- CVE-2008-6747Apr 23, 2009risk 0.00cvss —epss 0.01
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information.
- CVE-2008-3887Sep 2, 2008risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the…
- CVE-2008-3886Sep 2, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action, (3) the callback parameter…
- CVE-2007-5486Oct 16, 2007risk 0.00cvss —epss 0.01
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.
- CVE-2007-3226Jun 14, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240.
- CVE-2006-3240Jun 27, 2006risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
- CVE-2006-2851Jun 6, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer.
- CVE-2006-0756Feb 18, 2006risk 0.00cvss —epss 0.02
dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if…
- CVE-2006-0754Feb 18, 2006risk 0.00cvss —epss 0.02
dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could…