
CVSS: 6.1 | EPSS: 1% | CPEs: 7 | EXPL: 0

14 Jan 2013 — Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite. • http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 4% | CPEs: 13 | EXPL: 1

14 Jan 2013 — Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. • http://seclists.org/fulldisclosure/2013/Jan/81 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 | EPSS: 4% | CPEs: 7 | EXPL: 0

14 Jan 2013 — Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. A security flaw was found in the way Apache CouchDB, a distributed, fault-tolerant and schema-free document-oriented database accessib... • http://archives.neohapsis.com/archives/bugtraq/2013-01/0057.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 | EPSS: 5% | CPEs: 13 | EXPL: 0

31 Jan 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%3CC840F655-C8C5-4EC6-8AA8-DD223E39C34A%40apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

11 Sep 2010 — Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory. Dan Rosenberg discovered that in couchdb, a dis... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594412

CVSS: 8.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

19 Aug 2010 — Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL. • http://seclists.org/fulldisclosure/2010/Aug/199 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 | EPSS: 1% | CPEs: 7 | EXPL: 0

01 Apr 2010 — Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords. Apache CouchDB versions prior to version 0.11.0 are vulnerable to timing attacks, also known as side-channel information leakage, due to using simp... • http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor