Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
o-dyn collabtive vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2013-5027
Collabtive 1.0 has incorrect access control
O-dyn Collabtive 1.0
8.8
CVSSv3
CVE-2015-0258
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive prior to 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
O-dyn Collabtive
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
6.1
CVSSv3
CVE-2020-13655
An issue exists in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.
O-dyn Collabtive
5.4
CVSSv3
CVE-2021-3298
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.
O-dyn Collabtive 3.1
5.4
CVSSv3
CVE-2019-8935
Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.
O-dyn Collabtive 3.1
NA
CVE-2014-3247
Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.
O-dyn Collabtive 1.2
1 EDB exploit
NA
CVE-2014-3246
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.
O-dyn Collabtive 1.2
1 EDB exploit
NA
CVE-2013-6872
SQL injection vulnerability in managetimetracker.php in Collabtive prior to 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
O-dyn Collabtive 1.0
O-dyn Collabtive 0.3.6
O-dyn Collabtive 0.2
O-dyn Collabtive 0.7.5
O-dyn Collabtive 0.6.2
O-dyn Collabtive 0.6.3
O-dyn Collabtive 0.6.5
O-dyn Collabtive 0.7
O-dyn Collabtive 0.7.6
O-dyn Collabtive 0.5.1
O-dyn Collabtive 0.4.9.1
O-dyn Collabtive 0.3.5
O-dyn Collabtive 0.1
O-dyn Collabtive 0.4.9
O-dyn Collabtive 0.4.7
O-dyn Collabtive 0.4
O-dyn Collabtive 0.2.5
O-dyn Collabtive 0.4.6
O-dyn Collabtive 0.6.4
O-dyn Collabtive 0.4.5
O-dyn Collabtive 0.4.8
O-dyn Collabtive 0.5.5
1 EDB exploit
NA
CVE-2010-5284
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the...
O-dyn Collabtive 0.6.5
1 EDB exploit
NA
CVE-2010-5285
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote malicious users to hijack the authentication of administrators for requests that add administrative users via the edituser action.
O-dyn Collabtive 0.6.5
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »