Trac Security Vulnerabilities and Issues — Trac CVE List

Lucene search

Edgewall SoftwareTrac

3 matches found

CVE•added 2005/07/06 4:0 a.m.•50 views

CVE-2005-2147

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.

6.4CVSS6.5AI score0.00425EPSS

CVE•added 2005/06/20 4:0 a.m.•42 views

CVE-2005-2007

Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts.

6.4CVSS6.8AI score0.01301EPSS

CVE•added 2006/07/21 2:3 p.m.•41 views

CVE-2006-3695

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service vi...

6.8CVSS6.2AI score0.03036EPSS