4 matches found
CVE-2003-0152
CVE-2003-0152 concerns the Bonsai Mozilla CVS query tool CGI, allowing remote execution of arbitrary commands as www-data. Public records (Debian DSA-265) show fixes in Bonsai updates (e.g., bonsai 1.3+cvs20020224-1woody1 for woody; later fixes for sid). OpenVAS/Nessus entries corroborate multipl...
CVE-2003-0153
CVE-2003-0153 affects the bonsai Mozilla CVS query tool. The vulnerability is an absolute path disclosure exposed in error messages generated by cvslog.cgi, cvsview2.cgi, and multidiff.cgi. Connected records confirm Debian advisory DSA-265-1 documents the issue and notes a missing update; OpenVAS...
CVE-2003-0154
CVE-2003-0154 affects the Bonsai Mozilla CVS query tool (CGI suite) used to browse CVS repositories. The vulnerability is a cross-site scripting (XSS) flaw that can be triggered via multiple parameters: cvslog.cgi (file, root, rev), cvsblame.cgi (file, root), cvsquery.cgi (various), showcheckins....
CVE-2003-0155
CVE-2003-0155 affects bonsai, the Mozilla CVS query tool. It allows remote attackers to access the parameters page without authentication, exposing configuration parameters. CVSS v2 base score is 5.0 (medium) with Network attack vector, low attack complexity, no authentication required, and parti...