37 matches found
CVE-2014-4719
Cross-site scripting XSS vulnerability in the login panel svn/login/ in User-Friendly SVN aka USVN before 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the username field...
CVE-2020-17364
USVN aka User-friendly SVN before 1.0.9 allows XSS via SVN logs...
EUVD-2020-9317
Malware in sbrugna...
EUVD-2018-1505
Malware in sbrugna...
EUVD-2014-4638
Malware in sbrugna...
EUVD-2020-9318
Malware in sbrugna...
EUVD-2020-17763
Malware in sbrugna...
CVE-2024-37879
Improper input validation in /admin/config/save in User-friendly SVN USVN before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo"...
CVE-2020-25069
USVN aka User-friendly SVN before 1.0.10 allows attackers to execute arbitrary code in the commit view...
CVE-2024-37879
Improper input validation in /admin/config/save in User-friendly SVN USVN before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo"...
CVE-2024-37879
Improper input validation in /admin/config/save in User-friendly SVN USVN before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo"...
CVE-2024-37879
Improper input validation in /admin/config/save in User-friendly SVN USVN before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo"...
CVE-2024-37879
Improper input validation in /admin/config/save in User-friendly SVN USVN before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo"...
CVE-2020-17363
USVN aka User-friendly SVN before 1.0.9 allows remote code execution via shell metacharacters in the numberstart or numberend parameter to LastHundredRequest aka lasthundredrequestAction in the Timeline module. NOTE: this may overlap CVE-2020-25069...
CVE-2020-17363
USVN (PHP web interface for Subversion) is affected by CVE-2020-17363. All versions before 1.0.9 are vulnerable to remote code execution via shell metacharacters in number_start/number_end of LastHundredRequest (Timeline module). Red Hat and CNVD entries corroborate impact up to 1.0.9/1.0.10; exp...
CVE-2020-25070
USVN aka User-friendly SVN before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature...
Cross site request forgery (csrf)
USVN aka User-friendly SVN before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature...
Code injection
USVN aka User-friendly SVN before 1.0.10 allows attackers to execute arbitrary code in the commit view...
CVE-2020-25069
USVN (User-friendly SVN) prior to version 1.0.10 exposes an arbitrary code execution vulnerability in the commit view. Multiple connected sources confirm that the issue affects USVN up through 1.0.10, with the fix implemented in 1.0.10. Root cause details are not fully specified in the provided d...
CVE-2020-25070
CVE-2020-25070 affects USVN (User-friendly SVN) prior to version 1.0.10. The issue is a cross-site request forgery (CSRF) flaw caused by the absence of the SameSite Strict cookie attribute. Impact is described as CSRF risk; no exploit details are provided in the sources. Remediation: upgrade to U...