CVE-2010-5108
https://notcve.org/view.php?id=CVE-2010-5108
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. Trac versión 0.11.6, no comprueba apropiadamente los permisos de flujo de trabajo antes de modificar un ticket. Un atacante puede explotar esto para cambiar el estado y la resolución de los tickets sin tener los permisos apropiados. • http://www.openwall.com/lists/oss-security/2013/02/13/2 https://access.redhat.com/security/cve/cve-2010-5108 https://security-tracker.debian.org/tracker/CVE-2010-5108 • CWE-276: Incorrect Default Permissions •
CVE-2009-4405
https://notcve.org/view.php?id=CVE-2009-4405
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6." Mútiples vulnerabilidades no especificadas en Trac versiones anteriores a v0.11.6 tienen impacto y vectores de ataque desconocidos, posiblemente relacionados con (1) "verificaciones de políticas en informes de resultados cuando se usan formatos alternativos" o (2) una "verificación para el role 'raw' que no se encuentra en docutils < 0.6". • http://secunia.com/advisories/37807 http://secunia.com/advisories/37901 http://trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE http://www.vupen.com/english/advisories/2009/3615 https://bugzilla.redhat.com/show_bug.cgi?id=542394 https://exchange.xforce.ibmcloud.com/vulnerabilities/54983 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01169.html •
CVE-2008-3328
https://notcve.org/view.php?id=CVE-2008-3328
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el Motor del wiki en Trac anterior a 0.10.5, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través de vectores desconocidos. • http://secunia.com/advisories/31231 http://secunia.com/advisories/31314 http://trac.edgewall.org/wiki/ChangeLog http://www.securityfocus.com/bid/30400 http://www.vupen.com/english/advisories/2008/2223/references https://exchange.xforce.ibmcloud.com/vulnerabilities/44016 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-5878
https://notcve.org/view.php?id=CVE-2006-5878
Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Edgewall Trac 0.10 y anteriores permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos. • http://secunia.com/advisories/22789 http://secunia.com/advisories/22868 http://secunia.com/advisories/23357 http://security.gentoo.org/glsa/glsa-200612-14.xml http://trac.edgewall.org/ticket/4049 http://trac.edgewall.org/wiki/ChangeLog http://www.debian.org/security/2006/dsa-1209 http://www.vupen.com/english/advisories/2006/4422 https://exchange.xforce.ibmcloud.com/vulnerabilities/30146 •
CVE-2005-3980 – Edgewall Software Trac 0.9 Ticket Query Module - SQL Injection
https://notcve.org/view.php?id=CVE-2005-3980
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter. • https://www.exploit-db.com/exploits/26693 http://projects.edgewall.com/trac/wiki/ChangeLog http://secunia.com/advisories/17836 http://securitytracker.com/id?1015302 http://www.osvdb.org/21386 http://www.securityfocus.com/archive/1/418294/100/0/threaded http://www.securityfocus.com/bid/15676 http://www.vupen.com/english/advisories/2005/2701 https://exchange.xforce.ibmcloud.com/vulnerabilities/23461 •