368 matches found
Fedora Update for viewvc FEDORA-2008-2143
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for viewvc FEDORA-2008-2159
Check for the Version of viewvc OpenVAS Vulnerability Test Fedora Update for viewvc FEDORA-2008-2159 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
CVE-2008-4325
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE:...
CVE-2008-4325
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE:...
Design/Logic Flaw
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE:...
CVE-2008-4325
Removed by vendor...
CVE-2008-4325
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE:...
CVE-2008-4325
CVE-2008-4325 affects ViewVC 1.0.5 (lib/viewvc.py) where the Content-Type header in the HTTP response is derived from the request’s content-type parameter, allowing a mismatch that could cause browsers to misinterpret content. The issue is contingent on attacker access to the viewed repository. P...
[SECURITY] Fedora 8 Update: viewvc-1.0.6-1.fc8
ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...
[SECURITY] Fedora 9 Update: viewvc-1.0.6-1.fc9
ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...
Fedora 9 : viewvc-1.0.6-1.fc9 (2008-8252)
Security fix: ignore arbitrary user-provided MIME types ViewVC issue 354: http://viewvc.tigris.org/issues/showbug.cgi?id=354 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean an...
Fedora 8 : viewvc-1.0.6-1.fc8 (2008-8270)
Security fix: ignore arbitrary user-provided MIME types ViewVC issue 354: http://viewvc.tigris.org/issues/showbug.cgi?id=354 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean an...
Gentoo Security Advisory GLSA 200803-29 (viewvc)
The remote host is missing updates announced in advisory GLSA 200803-29. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200803-29 (viewvc)
The remote host is missing updates announced in advisory GLSA 200803-29. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
openSUSE 10 Security Update : viewvc (viewvc-5358)
This update of viewvc fixes multiple vulnerabilities. - CVE-2008-1290: list CVS or SVN commits on 'all-forbidden' files - CVE-2008-1291: directly access hidden CVSROOT folders - CVE-2008-1292: expose restricted content via the revision view, the log history, or the diff view %NASLMINLEVEL 70300 C...
ViewVC Direct Request CVSROOT Information Disclosure
The remote host is running ViewVC, a web-based tool for browsing CVS and Subversion repositories. The version of ViewVC installed on the remote host allows the reading of the contents of the 'CVSROOT' directory by navigating to it directly. An attacker could leverage this issue to retrieve...
CVE-2008-1292
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading 1 forbidden pathnames in the revision view, 2 log history that can only be reached by traversing a forbidden object, or 3...
CVE-2008-1291
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...
CVE-2008-1291
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...
Design/Logic Flaw
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading 1 forbidden pathnames in the revision view, 2 log history that can only be reached by traversing a forbidden object, or 3...