368 matches found
Information disclosure
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information...
CVE-2008-1290
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information...
Improper access control
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...
CVE-2008-1290
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information...
CVE-2008-1292
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3)...
CVE-2008-1290
Removed by vendor...
CVE-2008-1292
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3)...
CVE-2008-1291
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder...
CVE-2008-1291
Removed by vendor...
CVE-2008-1292
Removed by vendor...
CVE-2008-1290
CVE-2008-1290 affects ViewVC before 1.0.5, where the search results may include "all-forbidden" files that list CVS/SVN commits. The underlying issue exposes sensitive information through these files, enabling remote disclosure of data. Public advisories (Red Hat, openSUSE/SUSE, Gentoo/OpenVAS en...
CVE-2008-1290
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information...
CVE-2008-1292
CVE-2008-1292 affects ViewVC prior to 1.0.5, where revision metadata could be read without proper access checks. The vulnerability allows remote attackers to disclose sensitive information by reading: (1) forbidden pathnames in the revision view, (2) log history accessible only via traversing a f...
CVE-2008-1291
ViewVC prior to 1.0.5 is affected by CVE-2008-1291, with insufficient access control that lets remote attackers read files and list folders under the hidden CVSROOT directory. Reports from multiple advisories (Red Hat, SUSE/openSUSE, Gentoo/OpenVAS/Nessus entries) confirm the vulnerability and no...
GLSA-200803-29 : ViewVC: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200803-29 (ViewVC: Multiple vulnerabilities). Multiple unspecified errors were reportedly fixed by the ViewVC development team. Impact: A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on...
[ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200803-29 http://security.gentoo.org/ Severity:...
ViewVC: Multiple vulnerabilities
Background: ViewVC is a browser interface for CVS and Subversion version control repositories. Description: Multiple unspecified errors were reportedly fixed by the ViewVC development team. Impact: A remote attacker could send a specially crafted URL to the server to list CVS or SVN commits on...
Fedora 7 : viewvc-1.0.5-1.fc7 (2008-2143)
These security issues have been fixed: - omit commits of all-forbidden files from query results - disallow direct URL navigation to hidden CVSROOT folder - strip forbidden paths from revision view - don't traverse log history thru forbidden locations - honor forbiddenness via diff view path...
Fedora 8 : viewvc-1.0.5-1.fc8 (2008-2159)
These security issues have been fixed: - omit commits of all-forbidden files from query results - disallow direct URL navigation to hidden CVSROOT folder - strip forbidden paths from revision view - don't traverse log history thru forbidden locations - honor forbiddenness via diff view path...
[SECURITY] Fedora 8 Update: viewvc-1.0.5-1.fc8
ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...