Shodan
Vulnerabilities
Vulnerable Software
Gforge:  >> Gforge  Security Vulnerabilities
CVE-2007-3921
gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.
CVSS Score
3.3
EPSS Score
0.0
Published
2007-11-08
CVE-2007-3918
Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2007-10-05
CVE-2007-4966
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
CVSS Score
6.8
EPSS Score
0.009
Published
2007-09-18
CVE-2007-3913
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-09-06
CVE-2007-0246
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
CVSS Score
6.8
EPSS Score
0.007
Published
2007-05-29
CVE-2007-0176
Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
CVSS Score
6.8
EPSS Score
0.023
Published
2007-01-11
CVE-2005-1752
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.
CVSS Score
6.4
EPSS Score
0.131
Published
2005-12-31
CVE-2005-2430
Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form.
CVSS Score
4.3
EPSS Score
0.013
Published
2005-08-03
CVE-2005-2431
The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb).
CVSS Score
5.0
EPSS Score
0.007
Published
2005-08-03
CVE-2005-0299
Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the (1) dir parameter to controller.php or (2) dir_name parameter to controlleroo.php.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-05-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved