CVE-2009-4405
https://notcve.org/view.php?id=CVE-2009-4405
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6."
• http://secunia.com/advisories/37807
• http://secunia.com/advisories/37901
• http://trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE
• http://www.vupen.com/english/advisories/2009/3615
• https://bugzilla.redhat.com/show_bug.cgi?id=542394
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54983
• https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01169.html
CVE-2008-5646
https://notcve.org/view.php?id=CVE-2008-5646
Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."
• http://secunia.com/advisories/32652
• http://trac.edgewall.org/wiki/ChangeLog
• http://www.securityfocus.com/bid/32226
• http://www.vupen.com/english/advisories/2008/3080
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46492
CVE-2008-5647
https://notcve.org/view.php?id=CVE-2008-5647
Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors.
• http://secunia.com/advisories/32652
• http://trac.edgewall.org/wiki/ChangeLog
• http://www.securityfocus.com/bid/32226
• http://www.vupen.com/english/advisories/2008/3080
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46491
CVE-2008-2951
https://notcve.org/view.php?id=CVE-2008-2951
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
• http://holisticinfosec.org/content/view/72/45
• http://secunia.com/advisories/31314
• http://trac.edgewall.org/wiki/ChangeLog
• http://www.osvdb.org/46513
• http://www.securityfocus.com/bid/30402
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44043
• https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html
• https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2008-3328
https://notcve.org/view.php?id=CVE-2008-3328
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
• http://secunia.com/advisories/31231
• http://secunia.com/advisories/31314
• http://trac.edgewall.org/wiki/ChangeLog
• http://www.securityfocus.com/bid/30400
• http://www.vupen.com/english/advisories/2008/2223/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/44016
• https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html
• https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')