Search CVE reports
11 – 20 of 26 results
CVE-2010-0132
Medium priorityCross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via...
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | — |
CVE-2010-0736
Medium priorityCross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via “user-provided input.”
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | — |
CVE-2010-0005
Medium priorityquery.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | — |
CVE-2010-0004
Medium priorityViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | — |
CVE-2009-3619
Low priorityUnspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to “printing illegal parameter names and values.”
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | — |
CVE-2009-3618
Low priorityCross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained...
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | — |
CVE-2008-4325
Negligible prioritylib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via...
1 affected package
viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewvc | — | — | — | — | — |
CVE-2008-1292
Low priorityViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log...
2 affected packages
viewcvs, viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewcvs | — | — | — | — | — |
viewvc | — | — | — | — | — |
CVE-2008-1291
Low priorityViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
2 affected packages
viewcvs, viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewcvs | — | — | — | — | — |
viewvc | — | — | — | — | — |
CVE-2008-1290
Low priorityViewVC before 1.0.5 includes “all-forbidden” files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
2 affected packages
viewcvs, viewvc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
viewcvs | — | — | — | — | — |
viewvc | — | — | — | — | — |