CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions...

7.5CVSS6.7AI score0.00311EPSS

Exploits0References1

RedhatCVE•added 2025/05/21 6:28 p.m.•5 views

CVE-2005-2147

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...

6.4CVSS7AI score0.00425EPSS

Exploits0References1

OSV•added 2022/05/17 2:17 a.m.•2 views

GHSA-437P-QW95-WQQR Trac vulnerable to denial of service

Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."...

8.7CVSS6.1AI score0.00475EPSS

Exploits0References6

OSV•added 2022/05/01 2:29 a.m.•6 views

GHSA-6VHP-HP77-6W52 Trac HTML WikiProcessor cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...

6.1CVSS5.4AI score0.00658EPSS

Exploits1References9

OSV•added 2019/11/13 11:15 p.m.•1 views

DEBIAN-CVE-2010-5108

7.5CVSS7.3AI score0.00311EPSS

Exploits0References1

OSV•added 2009/12/23 9:30 p.m.•2 views

DEBIAN-CVE-2009-4405

Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to 1 "policy checks in report results when using alternate formats" or 2 a "check for the 'raw' role that is missing in docutils 0.6."...

7.5CVSS7AI score0.00572EPSS

Exploits1References1

OSV•added 2008/12/17 6:30 p.m.•3 views

CVE-2008-5646

Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."...

6.1AI score

Exploits0References5

OSV•added 2008/12/17 6:30 p.m.•2 views

CVE-2008-5647

Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...

6.1AI score

Exploits0References5

PyPA•added 2008/12/17 6:30 p.m.•6 views

PYSEC-2008-6

Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."...

7.5CVSS6.7AI score0.00475EPSS

Exploits0References5Affected Software1

securityvulns•added 2007/03/12 12:0 a.m.•21 views

Trac content displaying vulnerability

Content-Disposition MIME header is not defined. Crossite scripting...

10CVSS0.7AI score0.00507EPSS

Exploits0Affected Software1

OSV•added 2007/03/10 10:19 p.m.•4 views

CVE-2007-1406

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

6.4AI score

Exploits0References1

OSV•added 2005/07/06 4:0 a.m.•3 views

CVE-2005-2147

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...

6.5AI score

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by