CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-0246
https://notcve.org/view.php?id=CVE-2007-0246
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO. plugins/scmcvs/www/cvsweb.php en el CGI CVSWeb de GForge 4.5.16 anterior al 24/05/2007, también conocido como gforge-plugin-scmcvs, permite a atacantes remotos ejecutar comandos de su elección mediante metacaracteres de línea de comandos en el PATH_INFO. • http://gforge.org/scm/viewvc.php/branches/Branch_4_5/gforge/plugins/scmcvs/www/cvsweb.php?root=gforge&r1=5849&r2=6038&pathrev=6038 http://osvdb.org/36526 http://secunia.com/advisories/25395 http://secunia.com/advisories/25416 http://www.debian.org/security/2007/dsa-1297 http://www.securityfocus.com/bid/24141 http://www.vupen.com/english/advisories/2007/1942 https://exchange.xforce.ibmcloud.com/vulnerabilities/34510 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2CVE-2007-2298 – Garennes 0.6.1 - 'repertoire_config' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-2298
Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en Garennes 0.6.1 y versiones anteriores permiten a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro repertoire_config en index.php en (1) cpe/, (2) direction/, ó (3) professeurs/. • https://www.exploit-db.com/exploits/3732 http://osvdb.org/35771 http://www.securityfocus.com/bid/23479 http://www.vupen.com/english/advisories/2007/1389 •
CVSS: 6.8EPSS: 12%CPEs: 1EXPL: 2CVE-2007-0176
https://notcve.org/view.php?id=CVE-2007-0176
Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en search/advanced_search.php del GForge 4.5.11 permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección en el parámetro word. • http://osvdb.org/31248 http://secunia.com/advisories/23675 http://secunia.com/advisories/28598 http://securityreason.com/securityalert/2133 http://securitytracker.com/id?1017482 http://www.debian.org/security/2008/dsa-1475 http://www.eazel.es/advisory006-gforge-cross-site-scripting-vulnerability.html http://www.securityfocus.com/archive/1/456296/100/0/threaded http://www.securityfocus.com/bid/21946 https://exchange.xforce.ibmcloud.com/vulnerabilities/31346 •
CVSS: 6.4EPSS: 1%CPEs: 4EXPL: 2CVE-2005-1752 – GForge 3.x - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2005-1752
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter. • https://www.exploit-db.com/exploits/25693 http://marc.info/?l=bugtraq&m=111695779919830&w=2 http://secunia.com/advisories/13845 http://www.securityfocus.com/bid/13716 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2431
https://notcve.org/view.php?id=CVE-2005-2431
The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb). Las funcionalidades pendientes de password perdido o cuenta en GForge 4.5 no fijan adecuadamente un límite en el número de e-mails enviados a una dirección de e-mail, lo que permite que atacantes remotos envíen un número elevado de mensajes a direcciones e-mail arbitrarias ("bomba de correo"). • http://marc.info/?l=bugtraq&m=112259845904350&w=2 •