ultimate-weather project vulnerabilities and exploits

6.8
CVSSv2
CVE-2019-18884

index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users....

3.5
CVSSv2
CVE-2017-11182

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable....

FairsketchRise Ultimate Project Manager
3.5
CVSSv2
CVE-2017-11181

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable....

7.5
CVSSv2
CVE-2017-17999

SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/....

4.3
CVSSv2
CVE-2015-2217

Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php....

4
CVSSv2
CVE-2013-1469

Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter....

Piwigo
4.3
CVSSv2
CVE-2015-0054

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."...

7.5
CVSSv2
CVE-2007-6125

SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter....

SoftbizFreelancers Script
4.3
CVSSv2
CVE-2007-6124

Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter....

SoftbizFreelancers Script
4.3
CVSSv2
CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to...

GoogleChromeMicrosoftIeWindowsMozillaFirefoxOperaOpera Browser