
CVSS: 7.5 | EPSS: 1% | CPEs: 11 | EXPL: 0

query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.

• http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
• http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
• http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
• http://www.openwall.com/lists/oss-security/2010/01/11/2
• http://www.openwall.com/lists/oss-security/2010/01/13/5
• https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01421.html
• https://www.redhat.com/archives/fedora-package-announce/
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 | EPSS: 0% | CPEs: 11 | EXPL: 0

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.

• http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
• http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/trunk/docs/release-notes/1.1.0.html?revision=2222
• http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2242&r2=2313&pathrev=HEAD
• http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2300
• http://www.openwall.com/lists/oss-security/2010/01/11/2
• http://www.openwall.com/lists/oss-security/2010/01/13/5
• http://www.openwall
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 0% | CPEs: 10 | EXPL: 0

Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."

• http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
• http://secunia.com/advisories/36292
• http://secunia.com/advisories/36311
• http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.2/CHANGES?revision=2235&pathrev=HEAD
• http://www.openwall.com/lists/oss-security/2009/10/16/10
• http://www.vupen.com/english/advisories/2009/2257
• https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00557.html
• https://www.redhat.com/archives/fedora-

CVSS: 4.3 | EPSS: 0% | CPEs: 10 | EXPL: 0

Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information.

• http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
• http://osvdb.org/56997
• http://secunia.com/advisories/36292
• http://secunia.com/advisories/36311
• http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.2/CHANGES?revision=2235&pathrev=HEAD
• http://www.openwall.com/lists/oss-security/2009/10/16/10
• http://www.vupen.com/english/advisories/2009/2257
• https://exchange.xforce.ibmcloud.com/vulnerabilities/52430
• https://www.redhat.com/archives/fedora
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed.

• http://viewvc.tigris.org/issues/show_bug.cgi?id=354
• http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?rev=2011&r1=1968&r2=1978
• http://viewvc.tigris.org/source/browse/viewvc?rev=1978&view=rev
• http://www.openwall.com/lists/oss-security/2008/09/19/4
• http://www.openwall.com/lists/oss-security/2008/09/20/1
• https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01101.html
• https://www.redhat.com/archives/fedora-package-announce/2008-September&#