CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0CVE-2012-3356
https://notcve.org/view.php?id=CVE-2012-3356
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors. La vista SVN de funcionalidad remota (lib/vclib/svn/svn_ra.py) en ViewVC anterior a v1.1.15 no realiza correctamente la autorización, permite a atacantes remotos eludir restricciones de acceso a través destinados vectores no especificados. • http://osvdb.org/83225 http://viewvc.tigris.org/issues/show_bug.cgi?id=353 http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.15/CHANGES http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755 http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756 http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757 http://viewvc.tigris.org/source/browse/viewvc? • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0CVE-2012-3357
https://notcve.org/view.php?id=CVE-2012-3357
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak." La revisión de la vista SVN (lib/vclib/svn/svn_repos.py) en ViewVC anterior a 1.1.15 no controla correctamente los mensajes de registro cuando se copia un camino legible de una ruta ilegible, lo que permite a atacantes remotos obtener información sensible, relacionada con un "log msg leak". • http://osvdb.org/83227 http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758 http://www.debian.org/security/2012/dsa-2563 http://www.mandriva.com/security/advisories?name=MDVSA-2013:134 http://www.openwall.com/lists/oss-security/2012/06/25/8 http://www.securityfocus.com/bid/54199 https://exchange.xforce.ibmcloud.com/vulnerabilities/76615 https://lwn.net/Articles/505096 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 1%CPEs: 29EXPL: 0CVE-2009-5024
https://notcve.org/view.php?id=CVE-2009-5024
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request. ViewVC antes de v1.1.11 permite a atacantes remotos saltar la opción de configuración de cvsdb que limita el número de columnas, y por lo tanto realizar ataques de consumo de recursos, a través del parámetro límite,como se demuestra con una petición de "consulta al historial de revisiones" • http://openwall.com/lists/oss-security/2011/05/19/1 http://openwall.com/lists/oss-security/2011/05/19/9 http://viewvc.tigris.org/issues/show_bug.cgi?id=433 http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.11/CHANGES http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/cvsdb.py?diff_format=u&view=log#rev2547 http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?diff_format=u&r1=2547&r2=2546&pathrev=2547 http://www.debian&# • CWE-399: Resource Management Errors •
CVSS: 2.6EPSS: 0%CPEs: 16EXPL: 0CVE-2010-0132
https://notcve.org/view.php?id=CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ViewVC 1.1 en versiones anteriores a la 1.1.5 y 1.0 en versiones anteriores a la 1.0.11, cuando la funcionalidad de búsqueda con expresiones regulares está habilitada, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores relacionados con "search_re input," una vulnerabilidad diferente a CVE-2010-0736. • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038420.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038456.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038925.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html http://secunia.com/advisories/38918 http://secunia.com/secunia_research/2010-26 http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2342&r2=2359&pathrev=HEAD http://www.securi • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2010-0736
https://notcve.org/view.php?id=CVE-2010-0736
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función view_queryform en lib/viewvc.py en ViewVC anterior a v1.0.10, y v1.1.x anterior a v1.1.4, permite a atacantes remotos inyectar código web o HTML de su elección a través de "user-provided input." • http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2313&r2=2342&pathrev=HEAD http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2326 http://www.openwall.com/lists/oss-security/2010/03/10/8 http://www.openwall.com/lists/oss-security/2010/03/16/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •