This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Flyspray | First view | 2005-10-27 |
| Product | Flyspray | Last view | 2017-10-10 |
| Version | 0.9.7 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:flyspray:flyspray | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.4 | 2017-10-10 | CVE-2017-15213 | Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl. |
| 5 | 2006-02-15 | CVE-2006-0714 | Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter. |
| 4.3 | 2005-10-27 | CVE-2005-3334 | Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 23171 | Flyspray install-0.9.7.php adodbpath Parameter Remote File Inclusion |
| 20326 | Flyspray index.php Multiple Parameter XSS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2008-09-04 | Name : FreeBSD Ports: flyspray File : nvt/freebsd_flyspray.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 953-1 (flyspray) File : nvt/deb_953_1.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-953.nasl - Type: ACT_GATHER_INFO |
| 2006-05-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_f4b9543051d811da8e930010dc4afb40.nasl - Type: ACT_GATHER_INFO |
| 2006-02-16 | Name: The remote web server contains a PHP script that is affected by a remote file... File: flyspray_adodbpath_file_include.nasl - Type: ACT_ATTACK |
