Page 2 of 13 results (0.007 seconds)

CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458. Trac anterior a 0.9.6 no deshabilita los comandos "raw" o "nclude" cuando se mantiene a usuarios no válidos con la funcionalidad de texto reestructurado (reStructuredText) desde docutils, lo cual permite a atacantes remotos leer archivos de su elección, realizando ataques de secuencias de comandos en sitios cruzados (XSS), o provocar denegación de servicio a través de vectores no especificados. NOTA: esto podría estar relacionado con CVE-2006-3458. • http://secunia.com/advisories/20958 http://secunia.com/advisories/21534 http://securitytracker.com/id?1016457 http://trac.edgewall.org/wiki/ChangeLog http://www.debian.org/security/2006/dsa-1152 http://www.securityfocus.com/bid/18323 http://www.vupen.com/english/advisories/2006/2729 https://exchange.xforce.ibmcloud.com/vulnerabilities/27706 https://exchange.xforce.ibmcloud.com/vulnerabilities/27708 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro." • http://jvn.jp/jp/JVN%2384091359/index.html http://secunia.com/advisories/19870 http://securitytracker.com/id?1015986 http://www.edgewall.com/blog/news/trac_0_9_5.html http://www.securityfocus.com/bid/17741 http://www.vupen.com/english/advisories/2006/1557 https://exchange.xforce.ibmcloud.com/vulnerabilities/26125 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. • http://projects.edgewall.com/trac/ticket/2473 http://secunia.com/advisories/18465 http://secunia.com/advisories/18555 http://trac.edgewall.org/ticket/2473 http://www.debian.org/security/2006/dsa-951 http://www.securityfocus.com/bid/16198 http://www.vupen.com/english/advisories/2006/0226 https://exchange.xforce.ibmcloud.com/vulnerabilities/24183 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. • http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/18048 http://secunia.com/advisories/18625 http://securitytracker.com/id?1015363 http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml http://www.securityfocus.com/bid/16386 http://www.vupen.com/english/advisories/2005/2936 https://exchange.xforce.ibmcloud.com/vulnerabilities/23775 •

CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 2

SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. • https://www.exploit-db.com/exploits/26732 http://lists.edgewall.com/archive/trac/2005-December/005777.html http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/17894 http://secunia.com/advisories/18555 http://securityreason.com/securityalert/222 http://www.debian.org/security/2006/dsa-951 http://www.osvdb.org/21459 http://www.securityfocus.com/bid/15720 http://www.vupen.com/english/advisories/2005/2766 •