Redmine vulnerabilities and exploits
5.8
CVSSv2
CVE-2015-8474
Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine prior to 2.6.7, 3.0.x prior to 3.0.5, and 3.1.x prior to 3.1.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks vi...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Redmine Redmine 3.1.0
Redmine Redmine 3.0.4
Redmine Redmine 3.0.3
Redmine Redmine 2.5.1
Redmine Redmine 3.0.0
Redmine Redmine 3.0.2
Redmine Redmine 3.0.1
Redmine Redmine
5
CVSSv2
CVE-2015-8537
app/views/journals/index.builder in Redmine prior to 2.6.9, 3.0.x prior to 3.0.7, and 3.1.x prior to 3.1.3 allows remote malicious users to obtain sensitive information by viewing an Atom feed.
Debian Debian Linux 8.0
Redmine Redmine
Redmine Redmine 3.0.3
Redmine Redmine 3.0.0
Redmine Redmine 3.1.2
Redmine Redmine 3.1.1
Redmine Redmine 3.0.6
Redmine Redmine 3.0.5
Redmine Redmine 3.1.0
Redmine Redmine 3.0.4
Redmine Redmine 3.0.2
Redmine Redmine 3.0.1
7.5
CVSSv2
CVE-2013-4663
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote malicious users to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exist...
Redmine Redmine Git Hosting Plugin -
5.8
CVSSv2
CVE-2014-1985
Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine prior to 2.4.5 and 2.5.x prior to 2.5.1 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in th...
Redmine Redmine 2.4.2
Redmine Redmine 2.4.1
Redmine Redmine
Redmine Redmine 2.4.3
Redmine Redmine 2.4.0
Redmine Redmine 2.5.0
4.3
CVSSv2
CVE-2011-4928
Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine prior to 1.0.5 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Redmine Redmine
Redmine Redmine 0.9.3
Redmine Redmine 0.7.2
Redmine Redmine 0.9.4
Redmine Redmine 0.9.1
Redmine Redmine 0.9.2
Redmine Redmine 0.8.2
Redmine Redmine 0.9.0
Redmine Redmine 0.8.6
Redmine Redmine 1.0.2
Redmine Redmine 1.0.0
Redmine Redmine 0.4.1
Redmine Redmine 0.5.0
Redmine Redmine 0.6.4
Redmine Redmine 0.9.5
Redmine Redmine 0.3.0
Redmine Redmine 0.4.0
Redmine Redmine 0.8.1
Redmine Redmine 0.8.0
Redmine Redmine 0.2.1
Redmine Redmine 0.6.0
Redmine Redmine 0.6.1
7.5
CVSSv2
CVE-2011-4929
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x prior to 1.0.5 allows remote malicious users to execute arbitrary commands via unknown vectors.
Redmine Redmine 0.9.4
Redmine Redmine 0.9.2
Redmine Redmine 1.0.3
Redmine Redmine 0.9.6
Redmine Redmine 0.9.0
Redmine Redmine 1.0.0
Redmine Redmine 1.0.1
Redmine Redmine 0.9.3
Redmine Redmine 0.9.1
Redmine Redmine 0.9.5
Redmine Redmine 1.0.2
Redmine Redmine 1.0.4
1 EDB exploit
4
CVSSv2
CVE-2011-4927
Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x prior to 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.
Redmine Redmine 1.0.3
Redmine Redmine 1.0.4
Redmine Redmine 1.0.1
Redmine Redmine 1.0.0
Redmine Redmine 1.0.2
4.3
CVSSv2
CVE-2012-0327
Cross-site scripting (XSS) vulnerability in Redmine prior to 1.3.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Redmine Redmine 0.6.0
Redmine Redmine 0.6.1
Redmine Redmine 0.9.3
Redmine Redmine 0.6.2
Redmine Redmine 0.6.3
Redmine Redmine 0.9.4
Redmine Redmine 0.9.1
Redmine Redmine 0.7.1
Redmine Redmine 0.1.0
Redmine Redmine 0.9.0
Redmine Redmine 0.8.6
Redmine Redmine 0.7.3
Redmine Redmine 1.1.0
Redmine Redmine 1.0.5
Redmine Redmine 1.2.2
Redmine Redmine 1.2.3
Redmine Redmine 1.0.1
Redmine Redmine 1.0.2
Redmine Redmine 0.5.0
Redmine Redmine 0.5.1
Redmine Redmine 0.7.0
Redmine Redmine 0.9.5
5
CVSSv2
CVE-2012-2054
Redmine prior to 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote malicious users to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEn...
Redmine Redmine 0.6.0
Redmine Redmine 0.5.1
Redmine Redmine 0.9.3
Redmine Redmine 0.7.0
Redmine Redmine 0.7.1
Redmine Redmine 0.8.0
Redmine Redmine 1.1.1
Redmine Redmine 0.8.4
Redmine Redmine 0.3.0
Redmine Redmine 0.2.2
Redmine Redmine 0.7.3
Redmine Redmine 1.2.1
Redmine Redmine 1.1.3
Redmine Redmine 0.9.1
Redmine Redmine 0.9.2
Redmine Redmine 0.6.4
Redmine Redmine 1.0.0
Redmine Redmine 1.0.4
Redmine Redmine 1.0.1
Redmine Redmine 1.0.2
Redmine Redmine 0.1.0
Redmine Redmine 0.8.5
4.3
CVSSv2
CVE-2011-1723
Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 up to and including 1.1.1 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained fro...
Redmine Redmine 1.1.0
Redmine Redmine 1.1.1
Redmine Redmine 1.0.1
Redmine Redmine 1.0.2
Redmine Redmine 1.0.3
Redmine Redmine 1.0.4
Redmine Redmine 1.0.5
1 EDB exploit