5 matches found
openSUSE Security Update : viewvc (viewvc-48)
This update of viewvc fixes multiple vulnerabilities. - CVE-2008-1290: list CVS or SVN commits on 'all-forbidden' files - CVE-2008-1291: directly access hidden CVSROOT folders - CVE-2008-1292: expose restricted content via the revision view, the log history, or the diff view %NASLMINLEVEL 70300 C...
Gentoo Security Advisory GLSA 200803-29 (viewvc)
The remote host is missing updates announced in advisory GLSA 200803-29. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
openSUSE 10 Security Update : viewvc (viewvc-5358)
This update of viewvc fixes multiple vulnerabilities. - CVE-2008-1290: list CVS or SVN commits on 'all-forbidden' files - CVE-2008-1291: directly access hidden CVSROOT folders - CVE-2008-1292: expose restricted content via the revision view, the log history, or the diff view %NASLMINLEVEL 70300 C...
CVE-2008-1291
ViewVC prior to 1.0.5 is affected by CVE-2008-1291, with insufficient access control that lets remote attackers read files and list folders under the hidden CVSROOT directory. Reports from multiple advisories (Red Hat, SUSE/openSUSE, Gentoo/OpenVAS/Nessus entries) confirm the vulnerability and no...
[ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200803-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...