Vulnerabilities > Enalean > Tuleap > 6.5

DATE CVE VULNERABILITY TITLE RISK
2018-09-21 CVE-2018-17298 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Enalean Tuleap
An issue was discovered in Enalean Tuleap before 10.5.
network
low complexity
enalean CWE-640
5.0
5.0
2018-03-12 CVE-2018-7538 SQL Injection vulnerability in Enalean Tuleap
A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.
network
low complexity
enalean CWE-89
7.5
7.5
2017-10-30 CVE-2017-7411 Code Injection vulnerability in Enalean Tuleap
An issue was discovered in Enalean Tuleap 9.6 and prior versions.
network
low complexity
enalean CWE-94
6.5
6.5
2017-04-29 CVE-2017-7981 OS Command Injection vulnerability in multiple products
Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin.
network
low complexity
enalean phpwiki-project CWE-78
critical
 9.0
9.0
2014-11-28 CVE-2014-7178 Improper Input Validation vulnerability in Enalean Tuleap
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
network
enalean CWE-20
critical
 9.3
9.3
2014-11-04 CVE-2014-7176 SQL Injection vulnerability in Enalean Tuleap
SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.
network
low complexity
enalean CWE-89
6.5
6.5
2014-10-31 CVE-2014-7177 XML External Entity Information Disclosure vulnerability in Enalean Tuleap
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
network
low complexity
enalean
4.0
4.0