Cpe Name:
cpe:/a:viewvc:viewvc:1.1.7
Copy Results
Download Results
Select Table
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-4533 |
79 |
|
XSS |
2012-11-18 |
2012-11-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line. |
|
2 |
CVE-2012-3357 |
200 |
|
+Info |
2012-07-22 |
2012-11-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak." |
|
3 |
CVE-2012-3356 |
287 |
|
Bypass |
2012-07-22 |
2012-11-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors. |
|
4 |
CVE-2009-5024 |
399 |
|
Bypass |
2011-05-23 |
2012-11-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request. |
Total number of vulnerabilities :
4
Page :
1
(This Page)
