13 matches found

Cvelist
added 2005/02/13 5:0 a.m., 18 views

CVE-2004-1456

filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo...

7.6 AI score, 0.54209 EPSS
Exploits: 1, References: 8

Tenable Nessus
added 2004/12/17 12:0 a.m., 12 views

CVSTrac < 1.1.5 Unspecified XSS

Binary data 2470.prm...

4.3 CVSS, 7.3 AI score, 0.00527 EPSS
Exploits: 0, References: 1

CERT
added 2004/08/23 12:0 a.m., 12 views

CVSTrac fails to properly sanitize input passed to "filediff"

Overview CVSTrac fails to check the validity of input passed to the "rcsinfo" parameter of "filediff." This allows execution of arbitrary commands on the server. Description CVSTrac is a web-based bug and patch set tracking system for use with CVS. CVSTrac 1.1.3 and earlier fail to properly...

7.5 AI score
Exploits: 0, References: 8

Tenable Nessus
added 2004/08/17 12:0 a.m., 13 views

CVSTrac CVSROOT/passwd Arbitrary Account Deletion

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of CVSTRAC is vulnerable to a flaw wherein a remote attacker can overwrite a critical file, thereby giving them elevated access and potentially control over other user accounts. Nessus...

5.7 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2004/08/17 12:0 a.m., 12 views

CVSTrac timeline.c timeline_page Function Overflow

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the timeline_page function in timeline.c that may allow an attacker to cause a buffer overflow. An attacker, exploiting this flaw, would be potentially able t...

6.2 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2004/08/17 12:0 a.m., 16 views

CVSTrac chdir() chroot Jail Escape

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the chdir function that may allow an attacker to escape the chroot jail. An attacker, exploiting this flaw, would be able to access files outside of the web...

5.6 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2004/08/17 12:0 a.m., 15 views

CVSTrac Malformed URI Infinite Loop DoS

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the parameter parser that may allow an attacker to create a malformed URL, which causes the application to hang. An attacker, exploiting this flaw, would onl...

5.7 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2004/08/17 12:0 a.m., 19 views

CVSTrac history.c history_update Function Overflow

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the history_update function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system. Nessus has...

6.5 AI score
Exploits: 0, References: 1

Packet Storm
added 2004/08/09 12:0 a.m., 18 views

cvstrac.txt

Hi, I'm Richard Ngo, this is the first time I report an exploit and found a remote exploit that could allow arbitrary code execution in CVStrac. sample exploit filediff?f=CVSROOT/rcsinfo&v1=1.1&v2=1.2;w; All versions vulnerable. I have not contacted cvstrac.org since I can't find their email addres...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2004/08/09 12:0 a.m., 24 views

CVSTrac filediff Arbitrary Remote Code Execution

The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of filediff has a flaw in the input sanitation which, when exploited, can lead to a remote attacker executing arbitrary commands on the system. Nessus has determined the vulnerability...

7.5 CVSS, 5.6 AI score, 0.54209 EPSS
Exploits: 1, References: 5

Exploit DB
added 2004/08/06 12:0 a.m., 27 views

CVSTrac - Arbitrary Code Execution

filediff?f=CVSROOT/rcsinfo&v1=1.1&v2=1.2;last; milw0rm.com 2004-08-06...

7.4 AI score
Exploits: 0

exploitpack
added 2004/08/06 12:0 a.m., 11 views

CVSTrac - Arbitrary Code Execution

CVSTrac - Arbitrary Code Execution filediff?f=CVSROOT/rcsinfo&v1=1.1&v2=1.2;last; milw0rm.com 2004-08-06...

2 AI score
Exploits: 0

securityvulns
added 2004/08/06 12:0 a.m., 19 views

CVStrac Remote Arbitrary Code Execution exploit

Hi, I'm Richard Ngo, this is the first time I report an exploit and found a remote exploit that could allow arbitrary code execution in CVStrac. sample exploit filediff?f=CVSROOT/rcsinfo&v1=1.1&v2=1.2;w; All versions vulnerable. I have not contacted cvstrac.org since I can't find their email addres...

1.8 AI score
Exploits: 0