359 matches found
[SECURITY] [DSA 1209-1] New trac packages fix cross-site request forgery
-------------------------------------------------------------------------- Debian Security Advisory DSA 1209-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 12th, 2006 http://www.debian.org/security/faq -...
DSA-1209 trac
Bulletin has no description...
Debian DSA-1152-1 : trac - missing input sanitising
Felix Wiemann discovered that trac, an enhanced Wiki and issue tracking system for software development projects, can be used to disclose arbitrary local files. To fix this problem, python-docutils needs to be updated as well. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...
Debian DSA-951-2 : trac - missing input sanitising
This update corrects the search feature in trac, an enhanced wiki and issue tracking system for software development projects, which broke with the last security update. For completeness please find below the original advisory text : Several vulnerabilities have been discovered in trac, an enhanc...
[SECURITY] [DSA 1152-1] New trac packages fix information disclosure
-------------------------------------------------------------------------- Debian Security Advisory DSA 1152-1 [email protected] http://www.debian.org/security/ Martin Schulze August 18th, 2006 http://www.debian.org/security/faq -...
DSA-1152 trac - missing input sanitising
Bulletin has no description...
PYSEC-2006-2
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...
CVE-2006-3695
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...
CVE-2006-3695
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...
DEBIAN-CVE-2006-3695
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...
CVE-2006-3695
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...
PYSEC-2006-2
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...
CVE-2006-3695
Trac up to 0.9.5/0.9.6 era vulnerability: enabling reStructuredText functionality via docutils allows remote access to read arbitrary files, possible XSS, and denial of service due to not disabling the raw/include commands for untrusted users. No patch/version details are provided in the supplied...
CVE-2006-3695
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...
CVE-2006-3695
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...
[SA20958] Trac "reStructuredText" Directives Vulnerability
---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Reversing must be a passion as your skills will be challenged on a daily basis and you will be working several hours everyday in IDA, Ollydbg, and with BinDiff. Often, it is also requir...
FreeBSD : trac -- reStructuredText breach of privacy and denial of service vulnerability (b0d61f73-0e11-11db-a47b-000c2957fdf1)
The Trac 0.9.6 Release Notes reports : Fixed reStructuredText breach of privacy and denial of service vulnerability found by Felix Wiemann. The discovered vulnerability requires docutils to be installed and enabled. Systems that do not have docutils installed or enabled are not vulnerable. As of...
trac -- reStructuredText breach of privacy and denial of service vulnerability
The Trac 0.9.6 Release Notes reports: Fixed reStructuredText breach of privacy and denial of service vulnerability found by Felix Wiemann. The discovered vulnerability requires docutils to be installed and enabled. Systems that do not have docutils installed or enabled are not vulnerable. As of...
FreeBSD : trac -- Wiki Macro Script Insertion Vulnerability (400d9d22-d6c5-11da-a14b-00123ffe8333)
Secunia reports : A vulnerability has been reported, which can be exploited by malicious people to conduct script insertion attacks. Input passed using the wiki macro isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed...
FreeBSD : trac -- search module SQL injection vulnerability (7289187b-66a5-11da-99f6-00123ffe8333)
Secunia reports : A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct SQL injection attacks. Some unspecified input passed in the search module isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries b...