Fedora 11 : viewvc-1.1.3-1.fc11 (2009-13634)

security fix: add root listing support of per-root authz config security fix: query.py requires 'forbidden' authorizer or none in config fix URL- ification of truncated log messages issue 3 fix regexp input validation issue 426, 427, 440 add support for configurable tab-to-spaces conversion fix...

Fedora 12 : viewvc-1.1.3-1.fc12 (2009-13610)

security fix: add root listing support of per-root authz config security fix: query.py requires 'forbidden' authorizer or none in config fix URL- ification of truncated log messages issue 3 fix regexp input validation issue 426, 427, 440 add support for configurable tab-to-spaces conversion fix...

[SECURITY] Fedora 11 Update: viewvc-1.1.3-1.fc11

ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...

[SECURITY] Fedora 12 Update: viewvc-1.1.3-1.fc12

ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...

CVE-2009-3618

Cross-site scripting XSS vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information...

CVE-2009-3618

Cross-site scripting XSS vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information...

Cross site scripting

Cross-site scripting XSS vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information...

Design/Logic Flaw

Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...

CVE-2009-3619

Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...

CVE-2009-3618

Cross-site scripting XSS vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information...

CVE-2009-3619

Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...

CVE-2009-3619

Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...

CVE-2009-3619

Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...

CVE-2009-3618

Removed by vendor...

CVE-2009-3618

Cross-site scripting XSS vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information...

CVE-2009-3619

CVE-2009-3619 affects ViewVC up to versions 1.0.9 (i.e., 1.0 before 1.0.9) and 1.1 up to 1.1.2. The description indicates the issue relates to printing illegal parameter names and values, with unknown impact and remote attack vectors. The connected documents confirm the affected product (ViewVC) ...

CVE-2009-3618

Vulnerability summary (CVE-2009-3618) : A cross-site scripting (XSS) flaw exists in ViewVC’s viewvc.py, affecting ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2. The issue allows remote attackers to inject arbitrary web script or HTML via the “view” parameter due to improper input handling. Impact ...

CVE-2009-3619

Removed by vendor...

ViewVC Invalid Parameter Arbitrary HTML Injection

The version of ViewVC hosted on the remote host is vulnerable to a HTML injection attack. Requesting a URL with an invalid parameter name in the query string generates an error message that echoes back the parameter name. Any URLs included in the invalid parameter name become hyperlinks. A remote...

openSUSE 10 Security Update : viewvc (viewvc-6578)

Update of viewvc to version 1.0.9 fixes a cross-site scripting XSS problem and enhances filtering of illegal characters when displaying error messages CVE-2009-3618, CVE-2009-3619. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...