
CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

18 Oct 2017 — Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. Multiple vulnerabilities were discovered in Redmine, a project management web application. They could lead to remote code execution, information dis... • https://www.debian.org/security/2018/dsa-4191 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 May 2017 — Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering. • http://www.openwall.com/lists/oss-security/2015/12/05/7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3 | EPSS: 0% | CPEs: 10 | EXPL: 0

23 Mar 2016 — app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form. Multiple vu... • http://www.debian.org/security/2016/dsa-3529 • CWE-199: Information Management Errors •

CVSS: 4.3 | EPSS: 0% | CPEs: 10 | EXPL: 0

23 Mar 2016 — The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects. • http://www.debian.org/security/2016/dsa-3529 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.4 | EPSS: 0% | CPEs: 10 | EXPL: 0

23 Mar 2016 — Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985. • http://www.debian.org/security/2016/dsa-3529 •

CVSS: 5.3 | EPSS: 0% | CPEs: 12 | EXPL: 0

23 Mar 2016 — app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. Multiple vulnerabilities have been found in Redmine, a project management web application, ... • http://www.debian.org/security/2016/dsa-3529 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1 | EPSS: 1% | CPEs: 6 | EXPL: 1

11 Apr 2014 — Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter). • http://jvn.jp/en/jp/JVN93004610/index.html • CWE-20: Improper Input Validation •

CVSS: 6.1 | EPSS: 0% | CPEs: 41 | EXPL: 0

08 Oct 2012 — Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://www.debian.org/security/2011/dsa-2261 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1 | EPSS: 0% | CPEs: 52 | EXPL: 0

04 Apr 2012 — Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://jvn.jp/en/jp/JVN93406632/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5 | EPSS: 0% | CPEs: 52 | EXPL: 0

04 Apr 2012 — Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327. • http://www.redmine.org/boards/2/topics/29343 • CWE-255: Credentials Management Errors •