CVE-2010-0132
- EPSS 0.6%
- Published 31.03.2010 18:00:00
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re i...
CVE-2010-0736
- EPSS 0.26%
- Published 19.03.2010 19:30:00
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."
CVE-2010-0005
- EPSS 0.48%
- Published 29.01.2010 18:30:01
- Last modified 11.04.2025 00:51:21
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.
- EPSS 0.82%
- Published 29.01.2010 18:30:00
- Last modified 11.04.2025 00:51:21
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
- EPSS 0.49%
- Published 10.11.2009 02:30:00
- Last modified 09.04.2025 00:30:58
Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."
CVE-2009-3618
- EPSS 0.71%
- Published 10.11.2009 02:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party in...
CVE-2008-4325
- EPSS 0.9%
- Published 30.09.2008 16:13:50
- Last modified 09.04.2025 00:30:58
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that i...
CVE-2008-1292
- EPSS 0.72%
- Published 24.03.2008 17:44:00
- Last modified 09.04.2025 00:30:58
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only...
CVE-2008-1291
- EPSS 0.66%
- Published 24.03.2008 17:44:00
- Last modified 09.04.2025 00:30:58
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
CVE-2008-1290
- EPSS 0.72%
- Published 24.03.2008 17:44:00
- Last modified 09.04.2025 00:30:58
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.