Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
viewvc viewvc 1.0.2 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1290
ViewVC prior to 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote malicious users to obtain sensitive information.
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.3
NA
CVE-2008-1291
ViewVC prior to 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to read files and list folders under the hidden CVSROOT folder.
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.3
NA
CVE-2008-1292
ViewVC prior to 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote malicious users to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by travers...
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.3
NA
CVE-2009-3618
Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 prior to 1.0.9 and 1.1 prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information.
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.0.7
NA
CVE-2009-3619
Unspecified vulnerability in ViewVC 1.0 prior to 1.0.9 and 1.1 prior to 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.0.7
NA
CVE-2010-0005
query.py in the query interface in ViewVC prior to 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote malicious users to bypass intended access restrictions via a query.
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
Viewvc Viewvc
Viewvc Viewvc 1.0.7
NA
CVE-2010-0004
ViewVC prior to 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote malicious users to discover private root names by reading this view.
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.2
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.0.7
NA
CVE-2010-0736
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC prior to 1.0.10, and 1.1.x prior to 1.1.4, allows remote malicious users to inject arbitrary web script or HTML via "user-provided input."
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.1
Viewvc Viewvc
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.2
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.0.7
Viewvc Viewvc 1.1.3
NA
CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 prior to 1.1.5 and 1.0 prior to 1.0.11, when the regular expression search functionality is enabled, allows remote malicious users to inject arbitrary web script or HTML via vectors related to "search_re input," a d...
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.2
Viewvc Viewvc 1.0.9
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 1.1.4
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
Viewvc Viewvc 1.0.10
Viewvc Viewvc 1.0.0
Viewvc Viewvc 1.0.7
Viewvc Viewvc 1.1.3
NA
CVE-2009-5024
ViewVC prior to 1.1.11 allows remote malicious users to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.
Viewvc Viewvc 1.1.6
Viewvc Viewvc 1.0.2
Viewvc Viewvc 1.1.7
Viewvc Viewvc 1.0.1
Viewvc Viewvc 1.1.5
Viewvc Viewvc 0.8
Viewvc Viewvc 0.9.3
Viewvc Viewvc 1.0.5
Viewvc Viewvc 1.1.2
Viewvc Viewvc 0.9.2
Viewvc Viewvc 1.0.11
Viewvc Viewvc 1.0.9
Viewvc Viewvc 1.1.0
Viewvc Viewvc 1.1.1
Viewvc Viewvc 0.9.1
Viewvc Viewvc 1.1.4
Viewvc Viewvc 0.9.4
Viewvc Viewvc 1.1.8
Viewvc Viewvc 1.0.3
Viewvc Viewvc 1.0.4
Viewvc Viewvc 1.0.6
Viewvc Viewvc 1.0.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »