Vulnerabilities > Gforge
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-01-15 | CVE-2008-0173 | SQL Injection vulnerability in Gforge | SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. | 7.5 |
2007-11-08 | CVE-2007-3921 | Link Following vulnerability in Gforge 3.1/4.5.14 | gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files. | 3.3 |
2007-10-05 | CVE-2007-3918 | Cross-Site Scripting vulnerability in Gforge 4.6B2 | Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter. | 4.3 |
2007-09-18 | CVE-2007-4966 | SQL Injection vulnerability in Gforge | SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. | 6.8 |
2007-09-06 | CVE-2007-3913 | Improper Input Validation vulnerability in Gforge | SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-05-29 | CVE-2007-0246 | Remote Arbitrary Command Execution vulnerability in GForge | plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO. | 6.8 |
2007-04-26 | CVE-2007-2298 | Remote File Include vulnerability in Garennes Repertoire_Config | Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/. | 7.5 |
2007-01-11 | CVE-2007-0176 | Cross-Site Scripting vulnerability in Gforge 4.5.11 | Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter. | 6.8 |
2005-12-31 | CVE-2005-1752 | Remote Arbitrary Command Execution vulnerability in GForge | viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter. | 6.4 |
2005-08-03 | CVE-2005-2431 | Remote Security vulnerability in Gforge 4.5 | The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb). | 5.0 |