
CVE-2010-0394
https://notcve.org/view.php?id=CVE-2010-0394
10 Feb 2010 — PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567039 • CWE-20: Improper Input Validation

CVE-2008-3328
https://notcve.org/view.php?id=CVE-2008-3328
27 Jul 2008 — Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. • http://secunia.com/advisories/31231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-1405
https://notcve.org/view.php?id=CVE-2007-1405
10 Mar 2007 — Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. • http://secunia.com/advisories/24470

CVE-2007-1406
https://notcve.org/view.php?id=CVE-2007-1406
10 Mar 2007 — Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors. • http://trac.edgewall.org/wiki/ChangeLog

CVE-2006-5878
https://notcve.org/view.php?id=CVE-2006-5878
14 Nov 2006 — Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. • http://secunia.com/advisories/22789

CVE-2006-3695
https://notcve.org/view.php?id=CVE-2006-3695
19 Jul 2006 — Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458. • http://secunia.com/advisories/20958

CVE-2006-2106
https://notcve.org/view.php?id=CVE-2006-2106
29 Apr 2006 — Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro." • http://jvn.jp/jp/JVN%2384091359/index.html

CVE-2005-4644
https://notcve.org/view.php?id=CVE-2005-4644
31 Dec 2005 — Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. • http://projects.edgewall.com/trac/ticket/2473

CVE-2005-4305
https://notcve.org/view.php?id=CVE-2005-4305
17 Dec 2005 — Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. • http://projects.edgewall.com/trac/wiki/ChangeLog

CVE-2005-4065 – Edgewall Software Trac 0.7.1/0.8/0.9 Search Module - SQL Injection
https://notcve.org/view.php?id=CVE-2005-4065
07 Dec 2005 — SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. • https://www.exploit-db.com/exploits/26732