NotCVE - vendor:"Edgewall" product:"Trac" version:"0.11.4"

4 results (0.012 seconds)

CVSS: 9.8EPSS: 0%CPEs: 45EXPL: 0

CVE-2009-4405

https://notcve.org/view.php?id=CVE-2009-4405

23 Dec 2009 — Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6." Mútiples vulnerabilidades no especificadas en Trac versiones anteriores a v0.11.6 tienen impacto y vectores de ataque desconocidos, posiblemente relacionados con (1) "verificaciones de políticas en informes de resultados cuando se usan formatos alternativ... • http://secunia.com/advisories/37807 •

CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0

CVE-2008-3328

https://notcve.org/view.php?id=CVE-2008-3328

27 Jul 2008 — Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el Motor del wiki en Trac anterior a 0.10.5, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través de vectores desconocidos. • http://secunia.com/advisories/31231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 1%CPEs: 23EXPL: 0

CVE-2006-5878

https://notcve.org/view.php?id=CVE-2006-5878

14 Nov 2006 — Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Edgewall Trac 0.10 y anteriores permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos. • http://secunia.com/advisories/22789 •

CVSS: 9.8EPSS: 2%CPEs: 15EXPL: 3

CVE-2005-3980 – Edgewall Software Trac 0.9 Ticket Query Module - SQL Injection

https://notcve.org/view.php?id=CVE-2005-3980

04 Dec 2005 — SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. • https://www.exploit-db.com/exploits/26693 •