750 matches found
security flaw
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack...
Low: Red Hat Security Advisory: cvs security update
An updated cvs package that fixes a security bug is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. CVS (Concurrent Version System) is a version control system. An insecure temporary file usage was found in the cvsbug program. It is...
Slackware 8.1 / 9.0 / 9.1 / current : cvs security update (SSA:2004-108-02)
CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory affects both uses of CVS. A security problem which could allow a server to create arbitrary files on a client machine, and...
CVE-2005-2076
HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen...
[SA15790] HP VCRM Proxy Server Password Disclosure Security Issue
Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...
cvs security update
CentOS Errata and Security Advisory CESA-2005:387. An updated cvs package that fixes security bugs is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. CVS (Concurrent Version System) is a version control system. A buffer overflow bug...
CVS < 1.11.20 / 1.12.12 Multiple Unspecified Vulnerabilities
According to its version number, the remote CVS server has unspecified vulnerabilities. This includes a double free, and a buffer overflow. A remote attacker could exploit these to crash the server, or possibly execute arbitrary code...
CVS: Multiple vulnerabilities
Background: CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server. Description: Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow (CAN-2005-0753), memory leaks...
Two Vulnerabilities in ViewCVS
Author: Jose Antonio Coret Joxean Koret Date: 2004 Location: Basque Country...
DEBIAN-CVE-2004-0778
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned...
DEBIAN-CVE-2004-0416
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code...
RHEL 2.1 / 3 : cvs (RHSA-2004:153)
Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. Updated Apr 19 2004 The description text has been updated to include CVE-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...
security flaw
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data...
security flaw
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service crash, modification of critical program data, or arbitrary code execution...
security flaw
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned...
[Full-Disclosure] Advisory 09/2004: More CVS remote vulnerabilities
e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: More CVS remote vulnerabilities Release Date: 2004/06/09 Last Modified: 2004/06/09 Author: Stefan Esser [email protected] Application: CVS feature release = 1.12.8 CVS stable release...
Subversion Server Detection
The remote host is running the Subversion server. Subversion is a software product which is similar to CVS in that it manages file revisions and can be accessed across a network by multiple clients...
security flaw
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines...
cvs security update
CVS is a client/server version control system. As a server, it is used to host source code repositories. As a client, it is used to access such repositories. This advisory affects both uses of CVS. A security problem which could allow a server to create arbitrary files on a client machine, and...
Moderate: Red Hat Security Advisory: cvs security update
Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available. Updated Apr 19 2004 The description text has been updated to include CAN-2004-0405 which was also fixed but not mentioned when this advisory was first released. There has been no...