359 matches found
CVE-2005-2147
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...
CVE-2005-2147
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...
CVE-2005-2147
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...
CVE-2005-2147
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...
CVE-2005-2147
CVE-2005-2147 concerns Trac prior to 0.8.4. Multiple connected sources confirm a flaw where an attacker can read or upload arbitrary files by supplying a full pathname in the id parameter to the upload or attachment viewer scripts. The vulnerability enables remote access to files and, in some con...
DEBIAN-CVE-2005-2147
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...
CVE-2005-2147
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...
Debian DSA-739-1 : trac - missing input sanitising
Stefan Esser discovered an input validation flaw within Trac, a wiki and issue tracking system, that allows download/upload of files and therefore can lead to remote code execution in some configurations. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks...
DSA-739-1 trac - missing input sanitising
Bulletin has no description...
GLSA-200506-21 : Trac: File upload vulnerability
The remote host is affected by the vulnerability described in GLSA-200506-21 Trac: File upload vulnerability Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the 'id' parameter when uploading attachments to the wiki or the bug tracking system. Impact : A remote...
Trac: File upload vulnerability
Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the "id" parameter when uploading attachments to the wiki or the bug tracking...
CVE-2005-2007
CVE-2005-2007 describes a directory-traversal vulnerability in Edgewall Trac 0.8.3 and earlier. The issue permits remote attackers to read or write arbitrary files by supplying a double-dot path in the id parameter to the (1) upload or (2) attachment scripts. The initial and connected data consis...
CVE-2005-2007
Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. dot dot in the id parameter to the 1 upload or 2 attachment scripts...
CVE-2005-2007
Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. dot dot in the id parameter to the 1 upload or 2 attachment scripts...
[Full-disclosure] Advisory 01/2005: Fileupload/download vulnerability in Trac
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy Python Hackers Project www.hardened-php.net -= Security Advisory =- Advisory: Fileupload/download vulnerability in Trac Release Date: 2005/06/20 Last Modified: 2005/06/20 Author: Stefan Esser [email protected] Application: Trac = 0.8.3...
trac -- file upload/download vulnerability
Stefan Esser reports: Trac's wiki and ticket systems allows to add attachments to wiki entries and bug tracker tickets. These attachments are stored within directories that are determined by the id of the corresponding ticket or wiki entry. Due to a missing validation of the id parameter it is...
CVE-2005-2007
Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. dot dot in the id parameter to the 1 upload or 2 attachment scripts...
CVE-2005-2007
Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. dot dot in the id parameter to the 1 upload or 2 attachment scripts...
DEBIAN-CVE-2005-2007
Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. dot dot in the id parameter to the 1 upload or 2 attachment scripts...