Search CVE reports



11 – 20 of 30 results


CVE-2008-1292

Low priority
Ignored

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log...

2 affected packages

viewcvs, viewvc


CVE-2008-1291

Low priority
Ignored

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.

2 affected packages

viewcvs, viewvc


CVE-2008-1290

Low priority
Ignored

ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.

2 affected packages

viewcvs, viewvc


CVE-2007-0347

Medium priority
Ignored

The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service...

1 affected package

cvstrac


CVE-2007-0246

Medium priority
Ignored

plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.

1 affected package

gforge-plugin-scmcvs


CVE-2005-4830

Medium priority

Some fixes available 5 of 8

CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter.

2 affected packages

viewcvs, viewvc


CVE-2005-2693

Medium priority
Fixed

cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.

2 affected packages

cvs, gcvs


CVE-2005-0753

Medium priority
Fixed

Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.

1 affected package

cvs


CVE-2004-1343

Medium priority
Fixed

CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).

1 affected package

cvs


CVE-2004-1342

Medium priority
Fixed

CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.

1 affected package

cvs
