68 matches found
CVE-2011-0410
CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by 1 sniffing the network for transmissions of Java objects or 2 reading the database...
CVE-2011-0410
CVE-2011-0410 affects CollabNet ScrumWorks Basic 1.8.4. The server–client communications transmit credential information in plaintext via unencrypted Java objects, and the internal database may store unencrypted usernames/passwords, enabling credential exposure through network sniffing or databas...
CollabNet ScrumWorks Basic Server transmits credential information in plaintext
Overview Communication between the Collabnet ScrumWorks Basic Server and CollabNet ScrumWorks Desktop Client transmits credential information in plaintext. Description The communication between the CollabNet ScrumWorks Basic Server and CollabNet ScrumWorks Desktop Client is transmitting credentia...
CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability
CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability Discovery Date: Sep 10, 2010 Risk: Important Description: There is a Cross Site Script XSS vulnerability that exists in CollabNet Subversion Edge 1.2 and prior versions. This said vulnerability can be exploited by sending a...
CollabNet Subversion Edge Log Parser - HTML Injection
CollabNet Subversion Edge Log Parser - HTML Injection source: https://www.securityfocus.com/bid/43378/info CollabNet Subversion Edge is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content...
Subversion Client/Server Detection (Windows)
Subversion, an open source version control system, is installed on the remote system. Subversion can be installed on Windows using CollabNet-certified binaries or through third-party packages such as VisualSVN, TortoiseSVN, and SlikSVN. Third-party packages typically include CollabNet binaries in...
WebSVN listing.php脚本绕过限制信息泄露漏洞
BUGTRAQ ID: 33343 CVECAN ID: CVE-2009-0240 WebSVN是用于在线查看源码库的工具。 WebSVN中的listing.php脚本在使用SVN authz文件时没有正确地限制对受限制代码库的访问,远程攻击者可以通过compare with previous和show changed files链接读取受限制项目的changelog或diff。 CollabNet WebSVN 2.0 CollabNet WebSVN 1.7 beta 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1725-1)以及相应补丁...
Immunity Canvas: SVNDATE
Name| svndate ---|--- CVE| CVE-2004-0397 Exploit Pack| CANVAS Description| Subversion = 1.0.2 utf-8 Apache2/WebDAV stack vs. heap exploit Notes| CVE Name: CVE-2004-0397 VENDOR: Collabnet OSVDB: http://osvdb.org/displayvuln.php?osvdbid=6301 Repeatability: Multiple tries References:...