7 results (0.009 seconds)

CVSS: 10.0EPSS: 95%CPEs: 1EXPL: 3

WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. WebSVN versiones anteriores a 2.6.1, permite a atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en el parámetro search Websvn version 2.6.0 suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/50042 https://github.com/FredBrave/CVE-2021-32305-websvn-2.6.0 http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html https://github.com/websvnphp/websvn/pull/142 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 2

Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php. Vulnerabilidad de XXS en WebSVN 2.3.3 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro path a log.php. WebSVN version 2.3.3 suffers from a cross site scripting vulnerability. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179168.html http://packetstormsecurity.com/files/135886/WebSVN-2.3.3-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2016/Feb/99 http://www.debian.org/security/2016/dsa-3490 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1

Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función getLog en svnlook.php en WebSVN anteriores a v2.3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro path sobre (1) comp.php, (2) diff.php, o (3) revision.php. • http://osvdb.org/77941 http://osvdb.org/77942 http://osvdb.org/77943 http://secunia.com/advisories/47288 http://st2tea.blogspot.com/2011/12/websvn-cross-site-scripting.html http://websvn.tigris.org/issues/show_bug.cgi?id=275 http://www.securityfocus.com/bid/51109 http://www.securitytracker.com/id?1026438 https://exchange.xforce.ibmcloud.com/vulnerabilities/71888 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 19EXPL: 2

The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch. La función create_anchors en utils.inc en WebSVN v1.x permite a atacantes remotos ejecutar código PHP de su elección a través de nombres de usuario manipulados que es procesado por la función preg_replace con el switch "eval". • https://www.exploit-db.com/exploits/6822 http://securityreason.com/securityalert/4928 http://www.gulftech.org/?node=research&article_id=00132-10202008 http://www.securityfocus.com/bid/31891 https://exchange.xforce.ibmcloud.com/vulnerabilities/48168 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 0%CPEs: 20EXPL: 3

Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter. Vulnerabilidad de salto de directorio en rss.php en WebSVN v2.0 y anteriores, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos sobrescribir ficheros de su elección a través de secuencias de salto de directorio en el parámetro "rev". • https://www.exploit-db.com/exploits/6822 http://secunia.com/advisories/32338 http://secunia.com/advisories/34191 http://securityreason.com/securityalert/4928 http://websvn.tigris.org/issues/show_bug.cgi?id=179 http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218 http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml http://www.gulftech.org/?node=research&article_id=00132-10202008 http://www.securityfocus.com/bid/31891 https://exchange.xforce.ibmcloud.com/vulnerabilities& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •