CVE-2006-2106
https://notcve.org/view.php?id=CVE-2006-2106
Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro." • http://jvn.jp/jp/JVN%2384091359/index.html http://secunia.com/advisories/19870 http://securitytracker.com/id?1015986 http://www.edgewall.com/blog/news/trac_0_9_5.html http://www.securityfocus.com/bid/17741 http://www.vupen.com/english/advisories/2006/1557 https://exchange.xforce.ibmcloud.com/vulnerabilities/26125 •
CVE-2005-4644
https://notcve.org/view.php?id=CVE-2005-4644
Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. • http://projects.edgewall.com/trac/ticket/2473 http://secunia.com/advisories/18465 http://secunia.com/advisories/18555 http://trac.edgewall.org/ticket/2473 http://www.debian.org/security/2006/dsa-951 http://www.securityfocus.com/bid/16198 http://www.vupen.com/english/advisories/2006/0226 https://exchange.xforce.ibmcloud.com/vulnerabilities/24183 •
CVE-2005-4305
https://notcve.org/view.php?id=CVE-2005-4305
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. • http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/18048 http://secunia.com/advisories/18625 http://securitytracker.com/id?1015363 http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml http://www.securityfocus.com/bid/16386 http://www.vupen.com/english/advisories/2005/2936 https://exchange.xforce.ibmcloud.com/vulnerabilities/23775 •
CVE-2005-4065 – Edgewall Software Trac 0.7.1/0.8/0.9 Search Module - SQL Injection
https://notcve.org/view.php?id=CVE-2005-4065
SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. • https://www.exploit-db.com/exploits/26732 http://lists.edgewall.com/archive/trac/2005-December/005777.html http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/17894 http://secunia.com/advisories/18555 http://securityreason.com/securityalert/222 http://www.debian.org/security/2006/dsa-951 http://www.osvdb.org/21459 http://www.securityfocus.com/bid/15720 http://www.vupen.com/english/advisories/2005/2766 •
CVE-2005-3980 – Edgewall Software Trac 0.9 Ticket Query Module - SQL Injection
https://notcve.org/view.php?id=CVE-2005-3980
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. • https://www.exploit-db.com/exploits/26693 http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/17836 http://securitytracker.com/id?1015302 http://www.osvdb.org/21386 http://www.securityfocus.com/archive/1/418294/100/0/threaded http://www.securityfocus.com/bid/15676 http://www.vupen.com/english/advisories/2005/2701 https://exchange.xforce.ibmcloud.com/vulnerabilities/23461 •