CVE-2011-2195
- EPSS 3.42%
- Published 26.10.2021 13:15:07
- Last modified 21.11.2024 01:27:47
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlyi...
- EPSS 93.29%
- Published 18.05.2021 17:15:07
- Last modified 21.11.2024 06:06:59
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
CVE-2016-1236
- EPSS 0.29%
- Published 11.05.2016 21:59:00
- Last modified 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in ...
CVE-2016-2511
- EPSS 0.39%
- Published 07.04.2016 21:59:03
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php.
CVE-2013-6892
- EPSS 0.17%
- Published 21.01.2015 18:59:00
- Last modified 12.04.2025 10:46:40
WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.
CVE-2011-5221
- EPSS 0.65%
- Published 25.10.2012 17:55:04
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php.
CVE-2007-3056
- EPSS 0.79%
- Published 06.06.2007 01:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.