Shodan
Vulnerabilities
Vulnerable Software
Gforge:  Security Vulnerabilities
CVE-2008-0173
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
CVSS Score
7.5
EPSS Score
0.006
Published
2008-01-15
CVE-2007-3921
gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.
CVSS Score
3.3
EPSS Score
0.0
Published
2007-11-08
CVE-2007-3918
Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2007-10-05
CVE-2007-4966
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
CVSS Score
6.8
EPSS Score
0.009
Published
2007-09-18
CVE-2007-3913
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.003
Published
2007-09-06
CVE-2007-0246
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
CVSS Score
6.8
EPSS Score
0.007
Published
2007-05-29
CVE-2007-2298
Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/.
CVSS Score
7.5
EPSS Score
0.026
Published
2007-04-26
CVE-2007-0176
Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
CVSS Score
6.8
EPSS Score
0.023
Published
2007-01-11
CVE-2005-1752
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.
CVSS Score
6.4
EPSS Score
0.131
Published
2005-12-31
CVE-2005-2430
Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form.
CVSS Score
4.3
EPSS Score
0.013
Published
2005-08-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved