6 matches found
openSUSE Security Update : viewvc (viewvc-48)
This update of viewvc fixes multiple vulnerabilities. - CVE-2008-1290: list CVS or SVN commits on 'all-forbidden' files - CVE-2008-1291: directly access hidden CVSROOT folders - CVE-2008-1292: expose restricted content via the revision view, the log history, or the diff view %NASLMINLEVEL 70300 C...
Gentoo Security Advisory GLSA 200803-29 (viewvc)
The remote host is missing updates announced in advisory GLSA 200803-29. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
openSUSE 10 Security Update : viewvc (viewvc-5358)
This update of viewvc fixes multiple vulnerabilities. - CVE-2008-1290: list CVS or SVN commits on 'all-forbidden' files - CVE-2008-1291: directly access hidden CVSROOT folders - CVE-2008-1292: expose restricted content via the revision view, the log history, or the diff view %NASLMINLEVEL 70300 C...
CVE-2008-1292
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading 1 forbidden pathnames in the revision view, 2 log history that can only be reached by traversing a forbidden object, or 3...
CVE-2008-1292
CVE-2008-1292 affects ViewVC prior to 1.0.5, where revision metadata could be read without proper access checks. The vulnerability allows remote attackers to disclose sensitive information by reading: (1) forbidden pathnames in the revision view, (2) log history accessible only via traversing a f...
[ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200803-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...