CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 3CVE-2021-32305 – Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
https://notcve.org/view.php?id=CVE-2021-32305
WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. WebSVN versiones anteriores a 2.6.1, permite a atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en el parámetro search Websvn version 2.6.0 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/50042 https://github.com/FredBrave/CVE-2021-32305-websvn-2.6.0 http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html https://github.com/websvnphp/websvn/pull/142 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2CVE-2016-2511 – WebSVN 2.3.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2016-2511
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php. Vulnerabilidad de XXS en WebSVN 2.3.3 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro path a log.php. WebSVN version 2.3.3 suffers from a cross site scripting vulnerability. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2016/Feb/99 http://www.debian.org/security/2016/dsa-3490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2011-5221
https://notcve.org/view.php?id=CVE-2011-5221
Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función getLog en svnlook.php en WebSVN anteriores a v2.3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro path sobre (1) comp.php, (2) diff.php, o (3) revision.php. • http://osvdb.org/77941 http://osvdb.org/77942 http://osvdb.org/77943 http://secunia.com/advisories/47288 http://st2tea.blogspot.com/2011/12/websvn-cross-site-scripting.html http://websvn.tigris.org/issues/show_bug.cgi?id=275 http://www.securityfocus.com/bid/51109 http://www.securitytracker.com/id?1026438 https://exchange.xforce.ibmcloud.com/vulnerabilities/71888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 19EXPL: 2CVE-2008-5920 – WebSVN 2.0 - Cross-Site Scripting / File Handling / Code Execution
https://notcve.org/view.php?id=CVE-2008-5920
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch. La función create_anchors en utils.inc en WebSVN v1.x permite a atacantes remotos ejecutar código PHP de su elección a través de nombres de usuario manipulados que es procesado por la función preg_replace con el switch "eval". • https://www.exploit-db.com/exploits/6822 http://securityreason.com/securityalert/4928 http://www.gulftech.org/?node=research&article_id=00132-10202008 http://www.securityfocus.com/bid/31891 https://exchange.xforce.ibmcloud.com/vulnerabilities/48168 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 3CVE-2008-5918 – WebSVN 2.0 - Cross-Site Scripting / File Handling / Code Execution
https://notcve.org/view.php?id=CVE-2008-5918
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función getParameterisedSelfUrl en index.php en WebSVN v2.0 y anteriores permite a atacantes remotos inyectar secuencias de comando web o HTML de su elección a través de PATH_INFO. • https://www.exploit-db.com/exploits/6822 http://secunia.com/advisories/32338 http://secunia.com/advisories/34191 http://securityreason.com/securityalert/4928 http://websvn.tigris.org/issues/show_bug.cgi?id=179 http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218 http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml http://www.gulftech.org/?node=research&article_id=00132-10202008 http://www.securityfocus.com/bid/31891 https://exchange.xforce.ibmcloud.com/vulnerabilities& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •