56 matches found
EUVD-2005-4824
Malware in sbrugna...
EUVD-2002-0763
Malware in sbrugna...
EUVD-2005-4823
Malware in sbrugna...
EUVD-2004-0913
Malware in sbrugna...
EUVD-2004-1060
Malware in sbrugna...
SUSE CVE-2004-0915
Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hidecvsroot and forbidden settings, which could allow remote attackers to gain sensitive information...
SUSE CVE-2004-1062
Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages...
ViewCVS 0.9.2 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4818/info ViewCVS does not filter HTML tags from certain URL parameters, making it prone to cross-site scripting attacks. An attacker may exploit this by constructing a malicious link with script code to a site running...
Gentoo Security Advisory GLSA 200412-26 (ViewCVS)
The remote host is missing updates announced in advisory GLSA 200412-26. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200412-26 (ViewCVS)
The remote host is missing updates announced in advisory GLSA 200412-26. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD Ports: viewcvs
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: viewcvs
The remote host is missing an update to the system as announced in the referenced advisory. VID 323784cf-48a6-11d9-a9e7-0001020eed82 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
Debian: Security Advisory (DSA-605-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 605-1 (viewcvs)
The remote host is missing an update to viewcvs announced via advisory DSA 605-1. OpenVAS Vulnerability Test $Id: deb6051.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 605-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Update: ViewCVS and ViewVC 'checkout view' content type fixation issue
Hi! Moritz Naumann wrote: This does not impact how much the rest of my report applies. My findings are now being discussed on the ViewVC developers mailing list 1. They apparently also impact ViewVC. Whether and to which degree what I am reporting c...
CVE-2005-4830
CVE-2005-4830 documents a CRLF injection vulnerability in ViewCVS version 0.9.2 of the viewcvs component. The flaw allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting by sending CRLF sequences in the content-type parameter. Affected software is ViewCVS 0.9...
CVE-2005-4830
CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter...
CVE-2005-4830
Removed by vendor...
CVE-2005-4831
Removed by vendor...
CVE-2005-4831
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML ...