CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2007-1405
https://notcve.org/view.php?id=CVE-2007-1405
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en la característica "descargar wiki como página de texto" en Trac anterior a 0.10.3.1, cuando se utiliza Microsoft Internet Explorer, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados. • http://secunia.com/advisories/24470 http://trac.edgewall.org/wiki/ChangeLog http://www.securityfocus.com/bid/22888 http://www.vupen.com/english/advisories/2007/0900 https://exchange.xforce.ibmcloud.com/vulnerabilities/32897 •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2007-1406
https://notcve.org/view.php?id=CVE-2007-1406
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors. Trac anterior a 0.10.3.1 no envía una cabecera de disposición de contenido HTTP especificando un adjunto en ciertas situaciones "no seguras", lo cual tiene un impacto desconocido y vectores de ataque remotos. • http://trac.edgewall.org/wiki/ChangeLog •
CVSS: 7.5EPSS: 2%CPEs: 23EXPL: 0CVE-2006-5878
https://notcve.org/view.php?id=CVE-2006-5878
Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Edgewall Trac 0.10 y anteriores permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos. • http://secunia.com/advisories/22789 http://secunia.com/advisories/22868 http://secunia.com/advisories/23357 http://security.gentoo.org/glsa/glsa-200612-14.xml http://trac.edgewall.org/ticket/4049 http://trac.edgewall.org/wiki/ChangeLog http://www.debian.org/security/2006/dsa-1209 http://www.vupen.com/english/advisories/2006/4422 https://exchange.xforce.ibmcloud.com/vulnerabilities/30146 •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 3CVE-2005-3980 – Edgewall Software Trac 0.9 Ticket Query Module - SQL Injection
https://notcve.org/view.php?id=CVE-2005-3980
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. • https://www.exploit-db.com/exploits/26693 http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/17836 http://securitytracker.com/id?1015302 http://www.osvdb.org/21386 http://www.securityfocus.com/archive/1/418294/100/0/threaded http://www.securityfocus.com/bid/15676 http://www.vupen.com/english/advisories/2005/2701 https://exchange.xforce.ibmcloud.com/vulnerabilities/23461 •