RSS   Podatności dla 'Websvn'   RSS

2009-01-20
 
CVE-2009-0240

CWE-264
 

 
listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.

 
 
CVE-2008-5920

CWE-94
 

 
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.

 
 
CVE-2008-5919

CWE-22
 

 
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.

 
 
CVE-2008-5918

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

 

 >>> Vendor: Tigris 2 Produkty
Websvn
Tortoisesvn


Copyright 2024, cxsecurity.com

 

Back to Top