5 matches found
CVE-2007-0246
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATHINFO...
CVE-2007-0246
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATHINFO...
CVE-2007-0246
CVE-2007-0246 affects GForge’s CVSWeb CGI (plugins/scmcvs/www/cvsweb.php) running with CVSWeb in GForge 4.5.16 prior to 20070524. The vulnerability arises from insufficient sanitization of PATH_INFO, allowing remote attackers to inject shell metacharacters and execute arbitrary commands. Reported...
CVE-2007-0246
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATHINFO...
[SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1297-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24th, 2007 http://www.debian.org/security/faq -...