Vulnerabilities > Perforce

DATE CVE VULNERABILITY TITLE RISK
2021-04-13 CVE-2021-28973 XXE vulnerability in Perforce Helix ALM 2020.3.1
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
network
low complexity
perforce CWE-611
4.0
2020-02-12 CVE-2013-1410 Cross-site Scripting vulnerability in Perforce P4Web 2011.1/2012.1
Perforce P4Web 2011.1 and 2012.1 have multiple XSS vulnerabilities.
network
perforce CWE-79
4.3
2018-04-05 CVE-2018-1000147 Information Exposure vulnerability in Perforce
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older, in PerforcePasswordEncryptor.java, that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs.
network
low complexity
perforce CWE-200
4.0
2010-03-05 CVE-2010-0935 Permissions, Privileges, and Access Controls vulnerability in Perforce Server
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
network
high complexity
perforce CWE-264
4.6
2010-03-05 CVE-2010-0934 OS Command Injection vulnerability in Perforce Server 2008.1
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
network
high complexity
perforce CWE-78
7.1
2010-03-05 CVE-2010-0933 Path Traversal vulnerability in Perforce Server 2008.1
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a ..
network
low complexity
perforce CWE-22
6.8
2010-03-05 CVE-2010-0932 Improper Input Validation vulnerability in Perforce Server 2008.1
The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command.
network
low complexity
perforce CWE-20
5.0
2010-03-05 CVE-2010-0931 Improper Input Validation vulnerability in Perforce Server 2008.1
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value.
network
low complexity
perforce CWE-20
5.0
2010-03-05 CVE-2010-0930 Resource Management Errors vulnerability in Perforce Server 2008.1
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number.
network
low complexity
perforce CWE-399
5.0
2010-03-05 CVE-2010-0929 Improper Input Validation vulnerability in Perforce Server 2008.1
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff.
network
low complexity
perforce CWE-20
5.0