Lucene search
+L

359 matches found

NVD
NVD
added 2005/07/06 4:0 a.m.17 views

CVE-2005-2147

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...

6.4CVSS6.5AI score0.01417EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2005/07/06 4:0 a.m.19 views

CVE-2005-2147

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...

6.4CVSS6.1AI score0.01417EPSS
Exploits0References1
Cvelist
Cvelist
added 2005/07/06 4:0 a.m.22 views

CVE-2005-2147

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...

6.5AI score0.01417EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2005/07/06 4:0 a.m.36 views

CVE-2005-2147

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...

6.4CVSS5.2AI score0.01417EPSS
Exploits0
CVE
CVE
added 2005/07/06 4:0 a.m.65 views

CVE-2005-2147

CVE-2005-2147 concerns Trac prior to 0.8.4. Multiple connected sources confirm a flaw where an attacker can read or upload arbitrary files by supplying a full pathname in the id parameter to the upload or attachment viewer scripts. The vulnerability enables remote access to files and, in some con...

6.4CVSS6.5AI score0.01417EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2005/07/06 4:0 a.m.2 views

DEBIAN-CVE-2005-2147

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...

6.4CVSS6.8AI score0.01417EPSS
Exploits0References1
OSV
OSV
added 2005/07/06 4:0 a.m.7 views

CVE-2005-2147

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...

6.5AI score
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2005/07/06 12:0 a.m.13 views

Debian DSA-739-1 : trac - missing input sanitising

Stefan Esser discovered an input validation flaw within Trac, a wiki and issue tracking system, that allows download/upload of files and therefore can lead to remote code execution in some configurations. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks...

6.4CVSS6.2AI score0.01791EPSS
Exploits0References3
OSV
OSV
added 2005/07/06 12:0 a.m.14 views

DSA-739-1 trac - missing input sanitising

Bulletin has no description...

6.4CVSS6.4AI score0.01417EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/06/23 12:0 a.m.16 views

GLSA-200506-21 : Trac: File upload vulnerability

The remote host is affected by the vulnerability described in GLSA-200506-21 Trac: File upload vulnerability Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the 'id' parameter when uploading attachments to the wiki or the bug tracking system. Impact : A remote...

6.1AI score
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2005/06/22 12:0 a.m.11 views

Trac: File upload vulnerability

Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the "id" parameter when uploading attachments to the wiki or the bug tracking...

3AI score
Exploits0
CVE
CVE
added 2005/06/20 4:0 a.m.58 views

CVE-2005-2007

CVE-2005-2007 describes a directory-traversal vulnerability in Edgewall Trac 0.8.3 and earlier. The issue permits remote attackers to read or write arbitrary files by supplying a double-dot path in the id parameter to the (1) upload or (2) attachment scripts. The initial and connected data consis...

6.4CVSS6.8AI score0.01791EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2005/06/20 4:0 a.m.20 views

CVE-2005-2007

Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. dot dot in the id parameter to the 1 upload or 2 attachment scripts...

6.4CVSS4.9AI score0.01791EPSS
Exploits0
Cvelist
Cvelist
added 2005/06/20 4:0 a.m.20 views

CVE-2005-2007

Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. dot dot in the id parameter to the 1 upload or 2 attachment scripts...

6.8AI score0.01791EPSS
Exploits0References4
securityvulns
securityvulns
added 2005/06/20 12:0 a.m.93 views

[Full-disclosure] Advisory 01/2005: Fileupload/download vulnerability in Trac

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy Python Hackers Project www.hardened-php.net -= Security Advisory =- Advisory: Fileupload/download vulnerability in Trac Release Date: 2005/06/20 Last Modified: 2005/06/20 Author: Stefan Esser [email protected] Application: Trac = 0.8.3...

0.3AI score
Exploits0
FreeBSD
FreeBSD
added 2005/06/20 12:0 a.m.28 views

trac -- file upload/download vulnerability

Stefan Esser reports: Trac's wiki and ticket systems allows to add attachments to wiki entries and bug tracker tickets. These attachments are stored within directories that are determined by the id of the corresponding ticket or wiki entry. Due to a missing validation of the id parameter it is...

0.8AI score
Exploits0References2
NVD
NVD
added 2005/06/19 4:0 a.m.17 views

CVE-2005-2007

Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. dot dot in the id parameter to the 1 upload or 2 attachment scripts...

6.4CVSS6.8AI score0.01791EPSS
Exploits0References4
OSV
OSV
added 2005/06/19 4:0 a.m.7 views

CVE-2005-2007

Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. dot dot in the id parameter to the 1 upload or 2 attachment scripts...

7AI score
Exploits0References7
OSV
OSV
added 2005/06/19 4:0 a.m.4 views

DEBIAN-CVE-2005-2007

Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. dot dot in the id parameter to the 1 upload or 2 attachment scripts...

6.4CVSS7.1AI score0.01791EPSS
Exploits0References1
Rows per page
Query Builder