370 matches found
Fedora 7 : viewvc-1.0.5-1.fc7 (2008-2143)
These security issues have been fixed: - omit commits of all-forbidden files from query results - disallow direct URL navigation to hidden CVSROOT folder - strip forbidden paths from revision view - don't traverse log history thru forbidden locations - honor forbiddenness via diff view path...
[SECURITY] Fedora 8 Update: viewvc-1.0.5-1.fc8
ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...
[SECURITY] Fedora 7 Update: viewvc-1.0.5-1.fc7
ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...
Update: ViewCVS and ViewVC 'checkout view' content type fixation issue
Hi! Moritz Naumann wrote: This does not impact how much the rest of my report applies. My findings are now being discussed on the ViewVC developers mailing list 1. They apparently also impact ViewVC. Whether and to which degree what I am reporting c...
CVE-2006-5442
ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view...
CVE-2006-5442
ViewVC 1.0.2 and earlier is affected by a cross-site scripting (XSS) vulnerability caused by not specifying a charset in HTTP headers or HTML documents. This allows remote attackers to inject arbitrary UTF-7 encoded JavaScript via a view. The affected software is ViewVC, version 1.0.2 and earlier...
CVE-2006-5442
Removed by vendor...
[Full-disclosure] Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability
Happy Python Hackers Project www.hardened-php.net -= Security Advisory =- Advisory: ViewVC Undefined Charset UTF-7 XSS Vulnerability Release Date: 2006/10/15 Last Modified: 2006/10/15 Author: Stefan Esser [email protected] Application: ViewVC =...