Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
enalean tuleap vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2014-7178
Enalean Tuleap prior to 7.5.99.6 allows remote malicious users to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.
Enalean Tuleap
1 EDB exploit
9
CVSSv2
CVE-2017-7981
Tuleap prior to 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki prior to 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap ...
Enalean Tuleap
Phpwiki Project Phpwiki 1.3.10
1 EDB exploit
7.5
CVSSv2
CVE-2018-7538
A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform prior to 9.18 allows malicious users to execute arbitrary SQL commands.
Enalean Tuleap
1 EDB exploit
6.8
CVSSv2
CVE-2018-7634
An issue exists in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered e-mail address on the application, lea...
Enalean Tuleap 9.17
6.5
CVSSv2
CVE-2022-31058
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions before 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the ca...
Enalean Tuleap
6.5
CVSSv2
CVE-2021-43806
Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated ma...
Enalean Tuleap
6.5
CVSSv2
CVE-2021-41154
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Co...
Enalean Tuleap
6.5
CVSSv2
CVE-2021-41155
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following vers...
Enalean Tuleap
6.5
CVSSv2
CVE-2021-41147
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard serv...
Enalean Tuleap
6.5
CVSSv2
CVE-2021-41148
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to ...
Enalean Tuleap
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »