94 matches found
SuSE-SA:2004:018: subversion
The remote host is missing the patch for the advisory SuSE-SA:2004:018 subversion. Subversion is a version control system like the well known CVS. The subversion code is vulnerable to a remotely exploitable buffer overflow on the heap. The bug appears before any authentication took place. An...
CVE-2004-0397
Stack-based buffer overflow during the aprtimet data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a 1 DAV2 REPORT query or 2 get-dated-rev svn-protocol command...
Immunity Canvas: SVNDATE
Name| svndate ---|--- CVE| CVE-2004-0397 Exploit Pack| CANVAS Description| Subversion = 1.0.2 utf-8 Apache2/WebDAV stack vs. heap exploit Notes| CVE Name: CVE-2004-0397 VENDOR: Collabnet OSVDB: http://osvdb.org/displayvuln.php?osvdbid=6301 Repeatability: Multiple tries References:...
CVE-2004-0397
Stack-based buffer overflow during the aprtimet data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a 1 DAV2 REPORT query or 2 get-dated-rev svn-protocol command...
CVE-2004-0413
libsvnrasvn in Subversion 1.0.4 trusts the length field of 1 svn://, 2 svn+ssh://, and 3 other svn protocol URL strings, which allows remote attackers to cause a denial of service memory consumption and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer...
CVE-2004-0413
libsvnrasvn in Subversion 1.0.4 trusts the length field of 1 svn://, 2 svn+ssh://, and 3 other svn protocol URL strings, which allows remote attackers to cause a denial of service memory consumption and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer...
[Full-Disclosure] [ GLSA 200406-07 ] Subversion: Remote heap overflow
Gentoo Linux Security Advisory GLSA 200406-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
Subversion: Remote heap overflow
Background Subversion is a revision control system that aims to be a "compelling replacement for CVS". It enjoys wide use in the open source community. svnserve allows access to Subversion repositories using URIs with the svn://, svn+ssh://, and other tunelled svn+:// protocols. Description The s...
Subversion < 1.0.4 Pre-Commit-Hook Remote Overflow
The remote host is reported vulnerable to a remote overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.4 are vulnerable to this attack. C Tenable Network Security, Inc. include 'compat.inc' ; ifdescription...
Subversion < 1.0.3 apr_time_t data Conversion Remote Overflow
The remote host is vulnerable to a remote stack-based overflow. An attacker, exploiting this hole, would be given full access to the target machine. Versions of Subversion less than 1.0.3 are vulnerable to this attack. This vulnerability was discovered by Stefan Esser and posted to public mailing...
CVE-2004-0397
Stack-based buffer overflow during the aprtimet data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a 1 DAV2 REPORT query or 2 get-dated-rev svn-protocol command...
Buffer overflow in Subversion
Background Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture where the server can be an Apache server running modsvn, or an ssh program as in CVS's :ext: method. In addition to supporting the features found in CVS,...
[Full-Disclosure] Advisory 08/2004: Subversion remote vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: Subversion remote vulnerability Release Date: 2004/05/19 Last Modified: 2004/05/19 Author: Stefan Esser [email protected] Application: Subversion = 1.0.2 Severity: A vulnerability...
subversion date parsing vulnerability
Stefan Esser reports: Subversion versions up to 1.0.2 are vulnerable to a date parsing vulnerability which can be abused to allow remote code execution on Subversion servers and therefore could lead to a repository compromise. NOTE: This vulnerability is similar to the date parsing issue that...