
CVSS: 7.5 | EPSS: 1% | CPEs: 11 | EXPL: 0

query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.

• http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
• http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
• http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
• http://www.openwall.com/lists/oss-security/2010/01/11/2
• http://www.openwall.com/lists/oss-security/2010/01/13/5
• https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html
• https://www.redhat.com/archives/fedora-package-announce/

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.

• http://secunia.com/advisories/22395
• http://securityreason.com/securityalert/1755
• http://viewvc.tigris.org/servlets/ReadMsg?list=announce&msgNo=5&raw=true
• http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
• http://www.hardened-php.net/advisory_102006.134.html
• http://www.securityfocus.com/archive/1/448762/100/0/threaded
• http://www.securityfocus.com/bid/20543
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29576