CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 3CVE-2021-32305 – Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
https://notcve.org/view.php?id=CVE-2021-32305
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. WebSVN versiones anteriores a 2.6.1, permite a atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en el parámetro search Websvn version 2.6.0 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/50042 https://github.com/FredBrave/CVE-2021-32305-websvn-2.6.0 http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html https://github.com/websvnphp/websvn/pull/142 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2016-2511 – WebSVN 2.3.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-2511
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php. Vulnerabilidad de XXS en WebSVN 2.3.3 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro path a log.php. WebSVN version 2.3.3 suffers from a cross site scripting vulnerability. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2016/Feb/99 http://www.debian.org/security/2016/dsa-3490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2011-5221
https://notcve.org/view.php?id=CVE-2011-5221
Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función getLog en svnlook.php en WebSVN anteriores a v2.3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro path sobre (1) comp.php, (2) diff.php, o (3) revision.php. • http://osvdb.org/77941 http://osvdb.org/77942 http://osvdb.org/77943 http://secunia.com/advisories/47288 http://st2tea.blogspot.com/2011/12/websvn-cross-site-scripting.html http://websvn.tigris.org/issues/show_bug.cgi?id=275 http://www.securityfocus.com/bid/51109 http://www.securitytracker.com/id?1026438 https://exchange.xforce.ibmcloud.com/vulnerabilities/71888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 3CVE-2008-5918 – WebSVN 2.0 - Cross-Site Scripting / File Handling / Code Execution
https://notcve.org/view.php?id=CVE-2008-5918
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función getParameterisedSelfUrl en index.php en WebSVN v2.0 y anteriores permite a atacantes remotos inyectar secuencias de comando web o HTML de su elección a través de PATH_INFO. • https://www.exploit-db.com/exploits/6822 http://secunia.com/advisories/32338 http://secunia.com/advisories/34191 http://securityreason.com/securityalert/4928 http://websvn.tigris.org/issues/show_bug.cgi?id=179 http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218 http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml http://www.gulftech.org/?node=research&article_id=00132-10202008 http://www.securityfocus.com/bid/31891 https://exchange.xforce.ibmcloud.com/vulnerabilities& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 20EXPL: 3CVE-2008-5919 – WebSVN 2.0 - Cross-Site Scripting / File Handling / Code Execution
https://notcve.org/view.php?id=CVE-2008-5919
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter. Vulnerabilidad de salto de directorio en rss.php en WebSVN v2.0 y anteriores, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos sobrescribir ficheros de su elección a través de secuencias de salto de directorio en el parámetro "rev". • https://www.exploit-db.com/exploits/6822 http://secunia.com/advisories/32338 http://secunia.com/advisories/34191 http://securityreason.com/securityalert/4928 http://websvn.tigris.org/issues/show_bug.cgi?id=179 http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218 http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml http://www.gulftech.org/?node=research&article_id=00132-10202008 http://www.securityfocus.com/bid/31891 https://exchange.xforce.ibmcloud.com/vulnerabilities& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •