CVE Tools

dotproject

Enterprise Softwareoss-project

14

Cumulative CVEs

9

Monthly snapshots

#31

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting dotproject.

CVE-2012-5702Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector actio...4.3Oct 21, 2014
CVE-2012-5701Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a c...6.8Oct 20, 2014
CVE-2011-3729dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-gr...5.0Sep 23, 2011
CVE-2008-6747dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party infor...6.8Apr 23, 2009
CVE-2008-3887Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) re...6.0Sep 2, 2008
CVE-2008-3886Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, ...4.3Sep 2, 2008
CVE-2007-5486dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are ...6.4Oct 16, 2007
CVE-2007-3226Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006...4.3Jun 14, 2007
CVE-2006-4234PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.7.5Aug 18, 2006
CVE-2006-3240Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.4.3Jun 27, 2006
CVE-2006-2851Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not proper...4.3Jun 6, 2006
CVE-2006-0756dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration infor...5.0Feb 18, 2006
CVE-2006-0755Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in...5.6Feb 18, 2006
CVE-2006-0754dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in...5.0Feb 18, 2006
CVE-2002-1428index.php in dotProject 0.2.1.5 allows remote attackers to bypass authentication via a cookie or URL with the user_cookie parameter set to 1.10.0Mar 18, 2003