Page 2 of 10 results (0.013 seconds)

CVSS: 7.5EPSS: 2%CPEs: 23EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Edgewall Trac 0.10 y anteriores permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos. • http://secunia.com/advisories/22789 http://secunia.com/advisories/22868 http://secunia.com/advisories/23357 http://security.gentoo.org/glsa/glsa-200612-14.xml http://trac.edgewall.org/ticket/4049 http://trac.edgewall.org/wiki/ChangeLog http://www.debian.org/security/2006/dsa-1209 http://www.vupen.com/english/advisories/2006/4422 https://exchange.xforce.ibmcloud.com/vulnerabilities/30146 •

CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458. Trac anterior a 0.9.6 no deshabilita los comandos "raw" o "nclude" cuando se mantiene a usuarios no válidos con la funcionalidad de texto reestructurado (reStructuredText) desde docutils, lo cual permite a atacantes remotos leer archivos de su elección, realizando ataques de secuencias de comandos en sitios cruzados (XSS), o provocar denegación de servicio a través de vectores no especificados. NOTA: esto podría estar relacionado con CVE-2006-3458. • http://secunia.com/advisories/20958 http://secunia.com/advisories/21534 http://securitytracker.com/id?1016457 http://trac.edgewall.org/wiki/ChangeLog http://www.debian.org/security/2006/dsa-1152 http://www.securityfocus.com/bid/18323 http://www.vupen.com/english/advisories/2006/2729 https://exchange.xforce.ibmcloud.com/vulnerabilities/27706 https://exchange.xforce.ibmcloud.com/vulnerabilities/27708 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. • http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/18048 http://secunia.com/advisories/18625 http://securitytracker.com/id?1015363 http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml http://www.securityfocus.com/bid/16386 http://www.vupen.com/english/advisories/2005/2936 https://exchange.xforce.ibmcloud.com/vulnerabilities/23775 •

CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 2

SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. • https://www.exploit-db.com/exploits/26732 http://lists.edgewall.com/archive/trac/2005-December/005777.html http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/17894 http://secunia.com/advisories/18555 http://securityreason.com/securityalert/222 http://www.debian.org/security/2006/dsa-951 http://www.osvdb.org/21459 http://www.securityfocus.com/bid/15720 http://www.vupen.com/english/advisories/2005/2766 •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 3

SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. • https://www.exploit-db.com/exploits/26693 http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/17836 http://securitytracker.com/id?1015302 http://www.osvdb.org/21386 http://www.securityfocus.com/archive/1/418294/100/0/threaded http://www.securityfocus.com/bid/15676 http://www.vupen.com/english/advisories/2005/2701 https://exchange.xforce.ibmcloud.com/vulnerabilities/23461 •