5 matches found
CVE-2013-2117
Directory traversal in cgit_parse_readme (ui-summary.c) of cgit before 0.9.2 allows remote attackers to read arbitrary files via a .. in the url parameter. Affected: cgit up to version
CVE-2011-1027
CVE-2011-1027 : Off-by-one in the convert_query_hexchar function of html.c in cgit.cgi (cgit) before 0.8.3.5 can cause a denial of service (infinite loop) when processing a % followed by invalid hex characters (e.g., %gg). Connected advisories confirm the affected component and offer remediation ...
CVE-2011-2711
CVE-2011-2711 affects cgit ≤0.9.0.2: XSS in print_fileinfo (ui-diff.c) allows remote authenticated users to inject script/HTML via the filename in a rename hint. Documented across multiple sources (SUSE/Fedora updates) indicating patches exist in cgit upgrades (e.g., OpenSUSE/SU-2011:0891-1, Fedo...
CVE-2012-4465
CVE-2012-4465 affects cgit up to version 0.9.0.3, where a heap-based buffer overflow in substr in parsing.c can be triggered by an empty Author field in a commit. This allows remote authenticated users to cause a crash and potentially execute arbitrary code. The vulnerability has been addressed i...
CVE-2012-4548
CVE-2012-4548 affects cgit up to version 9.0.3, via an argument injection in syntax-highlighting.sh that allows remote authenticated users with file-adding permissions to execute arbitrary commands through the --plug-in argument to the highlight command. Root cause: improper handling of plugin ar...