Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cvs vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-4455
cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote malicious users to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi.
Livejournal Livejournal
5
CVSSv2
CVE-2005-1121
Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and previous versions, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow malicious users to execute arbitrary code via a URL.
Igor Khasilev Oops Proxy Server 1.4.22
Igor Khasilev Oops Proxy Server 1.5.19
Igor Khasilev Oops Proxy Server 1.5.53
Gentoo Linux
5
CVSSv2
CVE-2004-0915
Multiple unknown vulnerabilities in viewcvs prior to 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote malicious users to gain sensitive information.
Viewcvs Viewcvs 0.9.2
Debian Debian Linux 3.0
5
CVSSv2
CVE-2004-1543
Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and previous versions allows remote malicious users to list arbitrary directories via a .. (dot dot) in the path parameter.
Korweblog Korweblog 1.6.2cvs
1 EDB exploit
5
CVSSv2
CVE-2004-1343
CVS 1.12 and previous versions on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote malicious users to cause a denial of service (server crash).
Cvs Cvs 1.10.7
Cvs Cvs 1.11
Cvs Cvs 1.11.16
Cvs Cvs 1.11.3
Cvs Cvs 1.11.1 P1
Cvs Cvs 1.11.10
Cvs Cvs 1.11.11
Cvs Cvs 1.11.14
Cvs Cvs 1.10
Cvs Cvs 1.10.6
Cvs Cvs 1.11.5
Cvs Cvs 1.11.6
Cvs Cvs 1.12
Cvs Cvs 1.10.8
Cvs Cvs 1.11.1
Cvs Cvs 1.11.15
Cvs Cvs 1.11.2
Cvs Cvs 1.11.4
5
CVSSv2
CVE-2004-1426
Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and previous versions allows remote malicious users to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng parameter.
Korweblog Korweblog 1.6.1
Korweblog Korweblog 1.6.2cvs
5
CVSSv2
CVE-2004-1633
process_bug.cgi in Bugzilla 2.9 up to and including 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.9
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.16.4
Mozilla Bugzilla 2.16.5
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.19
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.16.3
5
CVSSv2
CVE-2004-1634
show_bug.cgi in Bugzilla 2.17.1 up to and including 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote malicious users to gain sensitive information.
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.16.4
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.16.5
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.2
5
CVSSv2
CVE-2004-1635
Bugzilla 2.17.1 up to and including 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticat...
5
CVSSv2
CVE-2004-0778
CVS 1.11.x prior to 1.11.17, and 1.12.x prior to 1.12.9, allows remote malicious users to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
Gnu Cvs
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »