CVE Tools

gforge

DevTools & CIoss-project

17

Cumulative CVEs

11

Monthly snapshots

#28

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting gforge.

CVE-2019-10016GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.6.1Mar 25, 2019
CVE-2009-3304GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite arbitrary files via a symlink attack on authorized_keys files in users' home directories, related to deb-specific/ssh_dump_update.p...3.3Dec 4, 2009
CVE-2009-4070SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors.7.5Nov 24, 2009
CVE-2009-4069Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.4.3Nov 24, 2009
CVE-2009-3303Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter.4.3Nov 24, 2009
CVE-2008-6189SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, w...7.5Feb 19, 2009
CVE-2008-6188SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.7.5Feb 19, 2009
CVE-2008-6187SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.7.5Feb 19, 2009
CVE-2008-2381SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.7.5Jan 2, 2009
CVE-2008-0167The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass int...4.6May 18, 2008
CVE-2008-0173SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.7.5Jan 15, 2008
CVE-2007-3921gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.3.3Nov 8, 2007
CVE-2007-3918Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter.4.3Oct 5, 2007
CVE-2007-4966SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.6.8Sep 18, 2007
CVE-2007-3913SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.7.5Sep 6, 2007