CVE-2006-5878
https://notcve.org/view.php?id=CVE-2006-5878
Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Edgewall Trac 0.10 y anteriores permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos. • http://secunia.com/advisories/22789 http://secunia.com/advisories/22868 http://secunia.com/advisories/23357 http://security.gentoo.org/glsa/glsa-200612-14.xml http://trac.edgewall.org/ticket/4049 http://trac.edgewall.org/wiki/ChangeLog http://www.debian.org/security/2006/dsa-1209 http://www.vupen.com/english/advisories/2006/4422 https://exchange.xforce.ibmcloud.com/vulnerabilities/30146 •
CVE-2006-3695
https://notcve.org/view.php?id=CVE-2006-3695
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458. Trac anterior a 0.9.6 no deshabilita los comandos "raw" o "nclude" cuando se mantiene a usuarios no válidos con la funcionalidad de texto reestructurado (reStructuredText) desde docutils, lo cual permite a atacantes remotos leer archivos de su elección, realizando ataques de secuencias de comandos en sitios cruzados (XSS), o provocar denegación de servicio a través de vectores no especificados. NOTA: esto podría estar relacionado con CVE-2006-3458. • http://secunia.com/advisories/20958 http://secunia.com/advisories/21534 http://securitytracker.com/id?1016457 http://trac.edgewall.org/wiki/ChangeLog http://www.debian.org/security/2006/dsa-1152 http://www.securityfocus.com/bid/18323 http://www.vupen.com/english/advisories/2006/2729 https://exchange.xforce.ibmcloud.com/vulnerabilities/27706 https://exchange.xforce.ibmcloud.com/vulnerabilities/27708 •
CVE-2005-4644
https://notcve.org/view.php?id=CVE-2005-4644
Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. • http://projects.edgewall.com/trac/ticket/2473 http://secunia.com/advisories/18465 http://secunia.com/advisories/18555 http://trac.edgewall.org/ticket/2473 http://www.debian.org/security/2006/dsa-951 http://www.securityfocus.com/bid/16198 http://www.vupen.com/english/advisories/2006/0226 https://exchange.xforce.ibmcloud.com/vulnerabilities/24183 •
CVE-2005-4305
https://notcve.org/view.php?id=CVE-2005-4305
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. • http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/18048 http://secunia.com/advisories/18625 http://securitytracker.com/id?1015363 http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml http://www.securityfocus.com/bid/16386 http://www.vupen.com/english/advisories/2005/2936 https://exchange.xforce.ibmcloud.com/vulnerabilities/23775 •
CVE-2005-3980 – Edgewall Software Trac 0.9 Ticket Query Module - SQL Injection
https://notcve.org/view.php?id=CVE-2005-3980
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. • https://www.exploit-db.com/exploits/26693 http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/17836 http://securitytracker.com/id?1015302 http://www.osvdb.org/21386 http://www.securityfocus.com/archive/1/418294/100/0/threaded http://www.securityfocus.com/bid/15676 http://www.vupen.com/english/advisories/2005/2701 https://exchange.xforce.ibmcloud.com/vulnerabilities/23461 •