CVE-2010-0005

query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query...

Code injection

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view...

Design/Logic Flaw

query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query...

CVE-2010-0005

query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query...

CVE-2010-0004

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view...

CVE-2010-0004

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view...

CVE-2010-0005

CVE-2010-0005 affects the ViewVC project: the query.py in the query interface (ViewVC) before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, potentially allowing remote attackers to bypass access restrictions via a query. The description is consistent acro...

CVE-2010-0005

query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query...

CVE-2010-0004

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, potentially allowing remote attackers to discover private root names by reading the view. Affected component: ViewVC (core request handling for root listings). Root cause: authorization not enforced at ...

CVE-2010-0004

Removed by vendor...

CVE-2010-0004

ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view...

CVE-2010-0005

Removed by vendor...

openSUSE Security Update : viewvc (viewvc-1859)

The viewvc update fixes the following security problems : - add root listing support of per-root authz config CVE-2010-0004. - query.py requires 'forbidden' authorizer or none in config CVE-2010-0005. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

ViewVC Versions Prior to 1.1.3 Multiple Remote Vulnerabilities

ViewVC is prone to these security vulnerabilities: - A security vulnerability that involves root listing of per-root authorization configuration. - A security vulnerability in 'query.py' involving the 'forbidden' authorizer or none. Versions prior to ViewVC 1.1.3 are vulnerable. OpenVAS...

ViewVC < 1.1.3 Multiple Remote Vulnerabilities

ViewVC is prone to these security vulnerabilities: - A security vulnerability that involves root listing of per-root authorization configuration. - A security vulnerability in SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...

ViewVC < 1.1.3 Multiple Vulnerabilities

Binary data 5288.prm...

Fedora Core 11 FEDORA-2009-13634 (viewvc)

The remote host is missing an update to viewvc announced via advisory FEDORA-2009-13634. OpenVAS Vulnerability Test $Id: fcore200913634.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-13634 viewvc Authors: Thomas Reinke Copyright: Copyright c 2009...

Fedora Core 11 FEDORA-2009-13634 (viewvc)

The remote host is missing an update to viewvc announced via advisory FEDORA-2009-13634. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...

Fedora Core 12 FEDORA-2009-13610 (viewvc)

The remote host is missing an update to viewvc announced via advisory FEDORA-2009-13610. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...

Fedora Core 12 FEDORA-2009-13610 (viewvc)

The remote host is missing an update to viewvc announced via advisory FEDORA-2009-13610. OpenVAS Vulnerability Test $Id: fcore200913610.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-13610 viewvc Authors: Thomas Reinke Copyright: Copyright c 2009...