Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cvs vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2000-0670
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.
Cvsweb Developer Cvsweb 1.80
1 EDB exploit
7.1
CVSSv2
CVE-2004-1471
Format string vulnerability in wrapper.c in CVS 1.12.x up to and including 1.12.8, and 1.11.x up to and including 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string spec...
Cvs Cvs 1.11.10
Cvs Cvs 1.11.11
Cvs Cvs 1.11.5
Cvs Cvs 1.11.6
Openpkg Openpkg 2.0
Openpkg Openpkg Current
Cvs Cvs 1.10.7
Cvs Cvs 1.10.8
Cvs Cvs 1.11
Cvs Cvs 1.11.16
Cvs Cvs 1.11.2
Cvs Cvs 1.12.5
Cvs Cvs 1.12.7
Cvs Cvs 1.11.14
Cvs Cvs 1.11.15
Cvs Cvs 1.12.1
Cvs Cvs 1.12.2
Sgi Propack 2.4
Sgi Propack 3.0
Cvs Cvs 1.11.1
Cvs Cvs 1.11.1 P1
Cvs Cvs 1.11.3
1 EDB exploit
6.9
CVSSv2
CVE-2010-3846
Array index error in the apply_rcs_change function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow.
Nongnu Cvs 1.11.23
6.8
CVSSv2
CVE-2015-9402
The users-ultra plugin prior to 1.5.59 for WordPress has uultra-form-cvs-form-conf arbitrary file upload.
Usersultra Users Ultra Membership
6.8
CVSSv2
CVE-2007-0246
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 prior to 20070524, aka gforge-plugin-scmcvs, allows remote malicious users to execute arbitrary commands via shell metacharacters in the PATH_INFO.
Gforge Gforge
6.8
CVSSv2
CVE-2006-7075
Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and previous versions, and CVS 0.193.2 and previous versions, allows user-assisted malicious users to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file...
Aqualung Aqualung 0.9 Beta5
6.8
CVSSv2
CVE-2006-6386
Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote malicious users to inject arbitrary web script or HTML via the motivation field in the CVS application...
Drupal Cvs Management And Tracker 4.7 1.0
Drupal Cvs Management And Tracker 4.7 2.0
6.8
CVSSv2
CVE-2004-1036
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and previous versions, and 1.5.1-cvs prior to 23rd October 2004, allows remote malicious users to execute arbitrary web script or HTML.
Squirrelmail Squirrelmail 1.2.11
Squirrelmail Squirrelmail 1.2.2
Squirrelmail Squirrelmail 1.2.9
Squirrelmail Squirrelmail 1.4
Squirrelmail Squirrelmail 1.2.1
Squirrelmail Squirrelmail 1.2.10
Squirrelmail Squirrelmail 1.2.7
Squirrelmail Squirrelmail 1.2.8
Squirrelmail Squirrelmail 1.5 Dev
Squirrelmail Squirrelmail 1.0.5
Squirrelmail Squirrelmail 1.2
Squirrelmail Squirrelmail 1.2.5
Squirrelmail Squirrelmail 1.2.6
Squirrelmail Squirrelmail 1.4.3 Rc1
Squirrelmail Squirrelmail 1.4.3a
Squirrelmail Squirrelmail 1.0.4
Squirrelmail Squirrelmail 1.2.3
Squirrelmail Squirrelmail 1.2.4
Squirrelmail Squirrelmail 1.4.1
Squirrelmail Squirrelmail 1.4.2
Squirrelmail Squirrelmail 1.4.3
Gentoo Linux
6.8
CVSSv2
CVE-2003-0154
Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote malicious users to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cg...
Mozilla Bonsai 1.3
1 EDB exploit
6.8
CVSSv2
CVE-2002-1681
Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote malicious users to execute arbitrary script as other users by injecting script into the paragraph <P> tag.
Open Source Development Network Slashcode 2.2.2
Open Source Development Network Slashcode 2.2.3
Open Source Development Network Slashcode 2.2.4
Open Source Development Network Slashcode 2.2.5
Open Source Development Network Slashcode 2.2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »