CVSS: 6.8EPSS: 0%CPEs: 20EXPL: 3CVE-2008-5919 – WebSVN 2.0 - Cross-Site Scripting / File Handling / Code Execution
https://notcve.org/view.php?id=CVE-2008-5919
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter. Vulnerabilidad de salto de directorio en rss.php en WebSVN v2.0 y anteriores, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos sobrescribir ficheros de su elección a través de secuencias de salto de directorio en el parámetro "rev". • https://www.exploit-db.com/exploits/6822 http://secunia.com/advisories/32338 http://secunia.com/advisories/34191 http://securityreason.com/securityalert/4928 http://websvn.tigris.org/issues/show_bug.cgi?id=179 http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218 http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml http://www.gulftech.org/?node=research&article_id=00132-10202008 http://www.securityfocus.com/bid/31891 https://exchange.xforce.ibmcloud.com/vulnerabilities& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3056
https://notcve.org/view.php?id=CVE-2007-3056
Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo filedetails.php en WebSVN versión 2.0rc4, y posiblemente anteriores, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro path. • http://bugs.gentoo.org/show_bug.cgi?id=180879 http://osvdb.org/36409 http://secunia.com/advisories/25532 http://securitytracker.com/id?1018601 http://websvn.tigris.org/servlets/ReadMsg?list=dev&msgNo=1328 http://www.attrition.org/pipermail/vim/2007-August/001771.html http://www.nabble.com/CVE-2007-3056-tf4246678.html http://www.securityfocus.com/bid/24310 https://exchange.xforce.ibmcloud.com/vulnerabilities/34726 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •