CVE-2012-4533
https://notcve.org/view.php?id=CVE-2012-4533
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691062
• http://osvdb.org/86566
• http://secunia.com/advisories/51041
• http://secunia.com/advisories/51072
• http://viewvc.tigris.org/issues/show_bug.cgi?id=515
• http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.0.13/CHANGES
• http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.16/CHANGES
• http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2792
• http://viewvc.tigris.org/source
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-3356
https://notcve.org/view.php?id=CVE-2012-3356
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
• http://osvdb.org/83225
• http://viewvc.tigris.org/issues/show_bug.cgi?id=353
• http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.15/CHANGES
• http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755
• http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756
• http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757
• http://viewvc.tigris.org/source/browse/viewvc?
• CWE-287: Improper Authentication
CVE-2012-3357
https://notcve.org/view.php?id=CVE-2012-3357
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."
• http://osvdb.org/83227
• http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758
• http://www.debian.org/security/2012/dsa-2563
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:134
• http://www.openwall.com/lists/oss-security/2012/06/25/8
• http://www.securityfocus.com/bid/54199
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76615
• https://lwn.net/Articles/505096
• https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-5024
https://notcve.org/view.php?id=CVE-2009-5024
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.
• http://openwall.com/lists/oss-security/2011/05/19/1
• http://openwall.com/lists/oss-security/2011/05/19/9
• http://viewvc.tigris.org/issues/show_bug.cgi?id=433
• http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.11/CHANGES
• http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log#rev2547
• http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u&r1=2547&r2=2546&pathrev=2547
• http://www.debian
• CWE-399: Resource Management Errors
CVE-2010-0132
https://notcve.org/view.php?id=CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.
• http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html
• http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
• http://secunia.com/advisories/38918
• http://secunia.com/secunia_research/2010-26
• http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342&r2=2359&pathrev=HEAD
• http://www.securi
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')