7 matches found
Gentoo Security Advisory GLSA 200903-20 (websvn)
The remote host is missing updates announced in advisory GLSA 200903-20. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
WebSVN listing.php脚本绕过限制信息泄露漏洞
BUGTRAQ ID: 33343 CVECAN ID: CVE-2009-0240 WebSVN是用于在线查看源码库的工具。 WebSVN中的listing.php脚本在使用SVN authz文件时没有正确地限制对受限制代码库的访问,远程攻击者可以通过compare with previous和show changed files链接读取受限制项目的changelog或diff。 CollabNet WebSVN 2.0 CollabNet WebSVN 1.7 beta 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1725-1)以及相应补丁...
Debian DSA-1725-1 : websvn - programming error
Bas van Schaik discovered that WebSVN, a tool to view Subversion repositories over the web, did not properly restrict access to private repositories, allowing a remote attacker to read significant parts of their content. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...
[Full-disclosure] [SECURITY] [DSA 1725-1] New websvn packages fix information leak
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1725-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst February 15, 2009 http://www.debian.org/security/faq -...
FreeBSD Ports: websvn
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
WebSVN Script Multiple Vulnerabilities
This host is running WebSVN and is prone to Multiple Vulnerabilities. Vulnerability: Multiple flaws are due to, - input passed in the URL to index.php is not properly sanitised before being returned to the user. - input passed to the rev parameter in rss.php is not properly sanitised before being...
CVE-2009-0240
CVE-2009-0240 affects WebSVN 2.0 (and possibly 1.7 beta). listing.php can expose restricted project changelogs/diffs when using an SVN authz file, via a manipulated repname parameter. Root cause is improper access control in listing.php. Impact: remote authenticated users can read restricted cont...