| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2018-17298 | 5.0 | An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password. | 21-09-2018 - 03:29 | 21-09-2018 - 03:29 |
| CVE-2018-7538 | 7.5 | A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands. | 12-03-2018 - 17:29 | 12-03-2018 - 17:29 |
| CVE-2018-7634 | 6.8 | An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible to abuse the functionality by attackers. By making a CSRF attack, an attacker could make a victim change his registered | 01-03-2018 - 18:29 | 01-03-2018 - 18:29 |
| CVE-2017-7411 | 6.5 | An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users | 30-10-2017 - 10:29 | 30-10-2017 - 10:29 |
| CVE-2017-7981 | 9.0 | Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, an | 11-05-2017 - 10:22 | 29-04-2017 - 12:59 |
| CVE-2014-7177 | 4.0 | XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/. | 01-12-2015 - 14:03 | 31-10-2014 - 10:55 |
| CVE-2014-7176 | 6.5 | SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. | 20-11-2015 - 11:26 | 04-11-2014 - 10:55 |
| CVE-2014-7178 | 9.3 | Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function. | 16-12-2014 - 21:46 | 28-11-2014 - 10:59 |
| CVE-2014-8791 | 6.0 | project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. | 16-12-2014 - 14:23 | 01-12-2014 - 20:59 |