CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well-formed 'path' argument to execute arbitrary commands against the underlying operating system.
• https://seclists.org/bugtraq/2011/Jun/34
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 95% • CPEs: 1 • EXPL: 3

WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. WebSVN version 2.6.0 suffers from a remote code execution vulnerability.
• https://www.exploit-db.com/exploits/50042
• https://github.com/FredBrave/CVE-2021-32305-websvn-2.6.0
• http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html
• https://github.com/websvnphp/websvn/pull/142
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.
• http://www.debian.org/security/2016/dsa-3572
• http://www.openwall.com/lists/oss-security/2016/05/05/22
• https://bugzilla.redhat.com/show_bug.cgi?id=1333673
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 2

Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php. WebSVN version 2.3.3 suffers from a cross-site scripting vulnerability.
• http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html
• http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2016/Feb/99
• http://www.debian.org/security/2016/dsa-3490
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.
• http://secunia.com/advisories/62233
• http://www.debian.org/security/2015/dsa-3137
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775682
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor