Page 2 of 9 results (0.002 seconds)

CVSS: 7.5EPSS: 2%CPEs: 23EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Edgewall Trac 0.10 y anteriores permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos. • http://secunia.com/advisories/22789 http://secunia.com/advisories/22868 http://secunia.com/advisories/23357 http://security.gentoo.org/glsa/glsa-200612-14.xml http://trac.edgewall.org/ticket/4049 http://trac.edgewall.org/wiki/ChangeLog http://www.debian.org/security/2006/dsa-1209 http://www.vupen.com/english/advisories/2006/4422 https://exchange.xforce.ibmcloud.com/vulnerabilities/30146 •

CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458. Trac anterior a 0.9.6 no deshabilita los comandos "raw" o "nclude" cuando se mantiene a usuarios no válidos con la funcionalidad de texto reestructurado (reStructuredText) desde docutils, lo cual permite a atacantes remotos leer archivos de su elección, realizando ataques de secuencias de comandos en sitios cruzados (XSS), o provocar denegación de servicio a través de vectores no especificados. NOTA: esto podría estar relacionado con CVE-2006-3458. • http://secunia.com/advisories/20958 http://secunia.com/advisories/21534 http://securitytracker.com/id?1016457 http://trac.edgewall.org/wiki/ChangeLog http://www.debian.org/security/2006/dsa-1152 http://www.securityfocus.com/bid/18323 http://www.vupen.com/english/advisories/2006/2729 https://exchange.xforce.ibmcloud.com/vulnerabilities/27706 https://exchange.xforce.ibmcloud.com/vulnerabilities/27708 •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 3

SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. • https://www.exploit-db.com/exploits/26693 http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/17836 http://securitytracker.com/id?1015302 http://www.osvdb.org/21386 http://www.securityfocus.com/archive/1/418294/100/0/threaded http://www.securityfocus.com/bid/15676 http://www.vupen.com/english/advisories/2005/2701 https://exchange.xforce.ibmcloud.com/vulnerabilities/23461 •

CVSS: 6.4EPSS: 0%CPEs: 11EXPL: 0

Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034618.html http://secunia.com/advisories/15752 http://svn.edgewall.com/repos/trac/tags/trac-0.8.4/ChangeLog http://www.hardened-php.net/advisory-012005.php •