Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| taskfreak | taskfreak! | 0.1.4 |
| taskfreak | taskfreak! | 0.5.3 |
| taskfreak | taskfreak! | 0.3.0 |
| taskfreak | taskfreak! | 0.5.5 |
| taskfreak | taskfreak! | 0.5.7 |
| taskfreak | taskfreak! | 0.2.0 |
| taskfreak | taskfreak! | 0.2.1 |
| taskfreak | taskfreak! | 0.1.3 |
| taskfreak | taskfreak! | 0.5.6 |
| taskfreak | taskfreak! | * |
| taskfreak | taskfreak! | 0.6.1 |
| taskfreak | taskfreak! | 0.4.0 |
| taskfreak | taskfreak! | 0.6.0 |
| taskfreak | taskfreak! | 0.3.2 |
| taskfreak | taskfreak! | 0.6.2 |
| taskfreak | taskfreak! | 0.5.1 |
| taskfreak | taskfreak! | 0.4.1 |
| taskfreak | taskfreak! | 0.4.2 |
| taskfreak | taskfreak! | 0.1 |
| taskfreak | taskfreak! | 0.5.2 |
| taskfreak | taskfreak! | 0.5.4 |
| taskfreak | taskfreak! | 0.5.0 |
| taskfreak | taskfreak! | 0.1.2 |
| taskfreak | taskfreak! | 0.3.1 |
| taskfreak | taskfreak! | 0.2.2 |
SQL injection vulnerability in include/classes/tzn_user.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to execute arbitrary SQL commands via the password parameter to login.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| taskfreak | taskfreak! | 0.1.4 |
| taskfreak | taskfreak! | 0.5.3 |
| taskfreak | taskfreak! | 0.3.0 |
| taskfreak | taskfreak! | 0.5.5 |
| taskfreak | taskfreak! | 0.5.7 |
| taskfreak | taskfreak! | 0.2.0 |
| taskfreak | taskfreak! | 0.2.1 |
| taskfreak | taskfreak! | 0.1.3 |
| taskfreak | taskfreak! | 0.5.6 |
| taskfreak | taskfreak! | * |
| taskfreak | taskfreak! | 0.6.1 |
| taskfreak | taskfreak! | 0.4.0 |
| taskfreak | taskfreak! | 0.6.0 |
| taskfreak | taskfreak! | 0.3.2 |
| taskfreak | taskfreak! | 0.6.2 |
| taskfreak | taskfreak! | 0.5.1 |
| taskfreak | taskfreak! | 0.4.1 |
| taskfreak | taskfreak! | 0.4.2 |
| taskfreak | taskfreak! | 0.1 |
| taskfreak | taskfreak! | 0.5.2 |
| taskfreak | taskfreak! | 0.5.4 |
| taskfreak | taskfreak! | 0.5.0 |
| taskfreak | taskfreak! | 0.1.2 |
| taskfreak | taskfreak! | 0.3.1 |
| taskfreak | taskfreak! | 0.2.2 |
SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| taskfreak | taskfreak! | 0.1.4 |
| taskfreak | taskfreak! | 0.5.3 |
| taskfreak | taskfreak! | 0.5.5 |
| taskfreak | taskfreak! | 0.5.7 |
| taskfreak | taskfreak! | 0.1.3 |
| taskfreak | taskfreak! | 0.5.1 |
| taskfreak | taskfreak! | 0.4.1 |
| taskfreak | taskfreak! | 0.4.2 |
| taskfreak | taskfreak! | 0.1 |
| taskfreak | taskfreak! | 0.5.2 |
| taskfreak | taskfreak! | 0.5.4 |
| taskfreak | taskfreak! | 0.5.6 |
| taskfreak | taskfreak! | 0.5.0 |
| taskfreak | taskfreak! | * |
| taskfreak | taskfreak! | 0.6.1 |
| taskfreak | taskfreak! | 0.4.0 |
| taskfreak | taskfreak! | 0.6.0 |
| tirzen | tirzen_framework | 1.5 |
| taskfreak | taskfreak! | 0.1.2 |
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| taskfreak | taskfreak! | 0.6.4 |
TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| taskfreak | taskfreak!_multi-mysql | 0.6 |