Vulnerabilities (CVE)

Filtered by vendor Enalean Subscribe

Filtered by product Tuleap

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2014-8791	1 Enalean	1 Tuleap	2018-10-09	6.0 MEDIUM	N/A
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
CVE-2014-7176	1 Enalean	1 Tuleap	2017-09-08	6.5 MEDIUM	N/A
SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.
CVE-2014-7177	1 Enalean	1 Tuleap	2017-09-08	4.0 MEDIUM	N/A
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
CVE-2014-7178	1 Enalean	1 Tuleap	2014-12-17	9.3 HIGH	N/A
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.