Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flyspray vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2008-1165
Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 up to and including 0.9.9.4 allow remote malicious users to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to th...
Flyspray Flyspray 0.9.9
Flyspray Flyspray 0.9.9.1
Flyspray Flyspray 0.9.9.4
Flyspray Flyspray 0.9.9.2
Flyspray Flyspray 0.9.9.3
445
VMScore
CVE-2008-1166
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote malicious users to enumerate usernames.
Flyspray Flyspray 0.9.9
Flyspray Flyspray 0.9.9.1
Flyspray Flyspray 0.9.9.2
Flyspray Flyspray 0.9.9.3
Flyspray Flyspray 0.9.9.4
383
VMScore
CVE-2007-6461
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 up to and including 0.9.9.3 allow remote malicious users to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) t...
Flyspray Flyspray 0.9.9
Flyspray Flyspray 0.9.9.1
Flyspray Flyspray 0.9.9.2
Flyspray Flyspray 0.9.9.3
435
VMScore
CVE-2005-3334
Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 up to and including 0.9.8 (devel) allows remote malicious users to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 paramete...
Flyspray Flyspray 0.9.7
Flyspray Flyspray 0.9.8
1 EDB exploit
312
VMScore
CVE-2017-15213
Stored XSS vulnerability in Flyspray prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.
Flyspray Flyspray
505
VMScore
CVE-2006-0714
Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote malicious users to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.
Flyspray Flyspray 0.9.7
1 EDB exploit
312
VMScore
CVE-2017-15214
Stored XSS vulnerability in Flyspray 1.0-rc4 prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/d...
Flyspray Flyspray 1.0
605
VMScore
CVE-2007-1788
Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote malicious users to bypass authentication via a crafted post request.
Flyspray Flyspray 0.9.9
605
VMScore
CVE-2007-1789
Flyspray 0.9.9 allows remote malicious users to obtain sensitive information (private project summaries) via direct requests.
Flyspray Flyspray 0.9.9
605
VMScore
CVE-2012-1058
Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote malicious users to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.
Flyspray Flyspray 0.9.9.6
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »