CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2015-8537
https://notcve.org/view.php?id=CVE-2015-8537
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. app/views/journals/index.builder en Redmine en versiones anteriores a 2.6.9, 3.0.x en versiones anteriores a 3.0.7 y 3.1.x en versiones anteriores a 3.1.3 permite a atacantes remotos obtener información sensible visualizando un feed Atom. • http://www.debian.org/security/2016/dsa-3529 http://www.redmine.org/news/103 https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 1CVE-2014-1985
https://notcve.org/view.php?id=CVE-2014-1985
Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter). Vulnerabilidad de redirección abierta en la función redirect_back_or_default en app/controllers/application_controller.rb en Redmine anterior a 2.4.5 y 2.5.x anterior a 2.5.1 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en la url back (parámetro back_url). • http://jvn.jp/en/jp/JVN93004610/index.html http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html http://seclists.org/oss-sec/2014/q2/84 http://secunia.com/advisories/57524 http://www.redmine.org/projects/redmine/wiki/Changelog http://www.redmine.org/projects/redmine/wiki/Changelog_2_4 http://www.redmine.org/projects/redmine/wiki/Security_Advisories http://www.securityfocus.com/bid/66674 https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 0CVE-2011-4928
https://notcve.org/view.php?id=CVE-2011-4928
Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el formateador texttile en Redmine anterior a v1.0.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores desconocidos. • http://www.debian.org/security/2011/dsa-2261 http://www.openwall.com/lists/oss-security/2012/01/06/5 http://www.openwall.com/lists/oss-security/2012/01/06/7 http://www.redmine.org/news/49 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 96%CPEs: 12EXPL: 1CVE-2011-4929 – Redmine SCM Repository - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2011-4929
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors. Vulnerabilidad no especificada en el adaptador repositorio bazaar en Redmine v0.9.x y v 1.0.x anterior a v1.0.5 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://www.exploit-db.com/exploits/41695 http://www.debian.org/security/2011/dsa-2261 http://www.openwall.com/lists/oss-security/2012/01/06/5 http://www.openwall.com/lists/oss-security/2012/01/06/7 http://www.redmine.org/news/49 - •
CVSS: 4.3EPSS: 0%CPEs: 52EXPL: 0CVE-2012-0327
https://notcve.org/view.php?id=CVE-2012-0327
Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Redmine antes de v1.3.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN93406632/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000025 http://www.redmine.org/versions/42 http://www.securityfocus.com/bid/52447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •