1 results (0.017 seconds)

CVSS: 8.5EPSS: 1%CPEs: 5EXPL: 0

CVE-2007-6350

https://notcve.org/view.php?id=CVE-2007-6350

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks. scponly versiones 4.6 y anteriores, permite a los usuarios autenticados remotos omitir las restricciones previstas y ejecutar código invocando subcomandos peligrosos incluyendo (1) unison, (2) rsync, (3) svn, y (4) svnserve, como es demostrado originalmente mediante la creación de un repositorio Subversion (SVN) con ganchos (hooks) maliciosos, luego usando svn para desencadenar la ejecución de esos ganchos (hooks). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148 http://bugs.gentoo.org/show_bug.cgi?id=201726 http://osvdb.org/44137 http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup http://secunia.com/advisories/28123 http://secunia.com/advisories/28538 http://secunia.com/advisories/28944 http://secunia.com/advisories/28981 http://security.gentoo.org/glsa/glsa-200802-06.xml http://www.debian.org/security/2008/dsa-1473 http://www.securityfocus.com/bid • CWE-264: Permissions, Privileges, and Access Controls •