Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2008-6947 | 7.5 |
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
|
11-10-2018 - 20:57 | 12-08-2009 - 10:30 | |
CVE-2008-6949 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach f
|
11-10-2018 - 20:57 | 12-08-2009 - 10:30 | |
CVE-2008-6946 | 4.3 |
Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an edit
|
11-10-2018 - 20:57 | 12-08-2009 - 10:30 | |
CVE-2008-6948 | 6.5 |
Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the fi
|
11-10-2018 - 20:57 | 12-08-2009 - 10:30 |