CVE-2021-32305 – Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
https://notcve.org/view.php?id=CVE-2021-32305
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. WebSVN versiones anteriores a 2.6.1, permite a atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en el parámetro search Websvn version 2.6.0 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/50042 https://github.com/FredBrave/CVE-2021-32305-websvn-2.6.0 http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html https://github.com/websvnphp/websvn/pull/142 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2016-2511 – WebSVN 2.3.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-2511
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php. Vulnerabilidad de XXS en WebSVN 2.3.3 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro path a log.php. WebSVN version 2.3.3 suffers from a cross site scripting vulnerability. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2016/Feb/99 http://www.debian.org/security/2016/dsa-3490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6892
https://notcve.org/view.php?id=CVE-2013-6892
WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit. WebSVN 2.3.3 permite a usuarios remotos autenticados leer archivos arbitrarios a través de un ataque symlink en un commit • http://secunia.com/advisories/62233 http://www.debian.org/security/2015/dsa-3137 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •