ush.it - a beautiful place

Collabtive 0.4.8 Multiple Vulnerabilities

November 11, 2008 at 1:42 pm - Filed under aa, bb - 913 words, reading time ~3 minutes - Permalink - Comments

Luckily sometimes there's the time to publish advisories and do the lengthy "responsible"-disclosure process. Antonio discovered multiple vulnerabilities in Collabtive, a project management software, ranging from a stored XSS, an authentication bypass that lead to the creation of additional administrative users to an arbitrary file upload vulnerability mixed with weak seeding. Have a good reading.

Reed's Alert! Got something burning? Tell USH team.
THP USH (HTTPS) Wisec DigitalBullets TheHackersPlace network