|ID||CVSS||Summary||Last (major) update||Published|
| || ||An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes their password.||21-09-2018 - 03:29||21-09-2018 - 03:29|
| || ||A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.||12-03-2018 - 17:29||12-03-2018 - 17:29|
| || ||An issue was discovered in Enalean Tuleap 9.17. The lack of CSRF mitigation when changing an e-mail address allows attackers to abuse this functionality. By making a CSRF attack, an attacker could make a victim change his registered||01-03-2018 - 18:29||01-03-2018 - 18:29|
| || ||An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users||30-10-2017 - 10:29||30-10-2017 - 10:29|
| || ||XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted XML document in a create action to plugins/tracker/.||01-12-2015 - 14:03||31-10-2014 - 10:55|
| || ||SQL injection vulnerability in Enalean Tuleap before 184.108.40.206 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.||20-11-2015 - 11:26||04-11-2014 - 10:55|
| || ||Enalean Tuleap before 220.127.116.11 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.||16-12-2014 - 21:46||28-11-2014 - 10:59|
| || ||project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.||16-12-2014 - 14:23||01-12-2014 - 20:59|