viewvc viewvc vulnerabilities and exploits
7.5
CVSSv2
CVE-2010-0005
query.py in the query interface in ViewVC prior to 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote malicious users to bypass intended access restrictions via a query.
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.1.1
Viewvc Viewvc
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.0.7
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.2
6.8
CVSSv2
CVE-2006-5442
ViewVC 1.0.2 and previous versions do not specify a charset in their HTTP headers or HTML documents, which allows remote malicious users to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.
Viewvc Viewvc
5.8
CVSSv2
CVE-2008-4325
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote malicious users to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the ...
Viewvc Viewvc 1.0.5
5
CVSSv2
CVE-2012-3356
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC prior to 1.1.15 does not properly perform authorization, which allows remote malicious users to bypass intended access restrictions via unspecified vectors.
Viewvc Viewvc 1.1.6
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.1.7
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.1.5
Viewvc Viewvc 0.8
Viewvc Viewvc 0.9.3
Viewvc Viewvc 1.1.13
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.2
Viewvc Viewvc 0.9.2
Viewvc Viewvc 1.0.11
Viewvc Viewvc 1.0.9
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 0.9.1
Viewvc Viewvc
Viewvc Viewvc 1.1.10
Viewvc Viewvc 1.1.4
Viewvc Viewvc 0.9.4
Viewvc Viewvc 1.1.8
Viewvc Viewvc 1.0.3
5
CVSSv2
CVE-2012-3357
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC prior to 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote malicious users to obtain sensitive information, related to a "log msg leak."
Viewvc Viewvc 1.1.8
Viewvc Viewvc 1.1.7
Viewvc Viewvc 1.1.11
Viewvc Viewvc 1.1.3
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.2
Viewvc Viewvc 0.9.1
Viewvc Viewvc 0.9
Viewvc Viewvc
Viewvc Viewvc 1.1.6
Viewvc Viewvc 1.1.2
Viewvc Viewvc 1.0.10
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.9
Viewvc Viewvc 0.8
Viewvc Viewvc 1.1.13
Viewvc Viewvc 1.1.12
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.0.0
Viewvc Viewvc 1.0.11
5
CVSSv2
CVE-2009-5024
ViewVC prior to 1.1.11 allows remote malicious users to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.
Viewvc Viewvc 1.1.6
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.1.7
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.1.5
Viewvc Viewvc 0.8
Viewvc Viewvc 0.9.3
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.2
Viewvc Viewvc 0.9.2
Viewvc Viewvc 1.0.11
Viewvc Viewvc 1.0.9
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 0.9.1
Viewvc Viewvc 1.1.4
Viewvc Viewvc 0.9.4
Viewvc Viewvc 1.1.8
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
5
CVSSv2
CVE-2010-0004
ViewVC prior to 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote malicious users to discover private root names by reading this view.
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.2
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.0.7
5
CVSSv2
CVE-2009-3619
Unspecified vulnerability in ViewVC 1.0 prior to 1.0.9 and 1.1 prior to 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.0.7
4.3
CVSSv2
CVE-2007-5743
ViewVC 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.
Viewvc Viewvc 1.0.3
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2017-5938
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC prior to 1.0.14 and 1.1.x prior to 1.1.26 allows remote malicious users to inject arbitrary web script or HTML via the nav_data name.
Debian Debian Linux 8.0
Opensuse Leap 42.2
Opensuse Project Leap 42.1
Viewvc Viewvc