Vulmon
cvs vulnerabilities and exploits
445
VMScore
CVE-2004-1635
Bugzilla 2.17.1 up to and including 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticat...
445
VMScore
CVE-2004-0778
CVS 1.11.x prior to 1.11.17, and 1.12.x prior to 1.12.9, allows remote malicious users to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
Gnu Cvs
445
VMScore
CVE-2004-0417
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x up to and including 1.12.8, and 1.11.x up to and including 1.11.16, may allow remote malicious users to cause a server crash, which could cause temporary data to remain undeleted...
Cvs Cvs 1.11.1
Cvs Cvs 1.11.1 P1
Cvs Cvs 1.11.3
Cvs Cvs 1.11.4
Openpkg Openpkg
Openpkg Openpkg 1.3
Cvs Cvs 1.10.7
Cvs Cvs 1.11.14
Cvs Cvs 1.11.15
Cvs Cvs 1.12.1
Cvs Cvs 1.12.2
Sgi Propack 3.0
Cvs Cvs 1.10.8
Cvs Cvs 1.11
Cvs Cvs 1.11.16
Cvs Cvs 1.11.2
Cvs Cvs 1.12.5
Cvs Cvs 1.12.7
Cvs Cvs 1.12.8
Cvs Cvs 1.11.10
Cvs Cvs 1.11.11
Cvs Cvs 1.11.5
445
VMScore
CVE-2004-0405
CVS prior to 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.
Cvs Cvs
445
VMScore
CVE-2003-0155
bonsai Mozilla CVS query tool allows remote malicious users to gain access to the parameters page without authentication.
Mozilla Bonsai 1.3
445
VMScore
CVE-2002-0092
CVS prior to 1.10.8 does not properly initialize a global variable, which allows remote malicious users to cause a denial of service (server crash) via the diff capability.
Cvs Cvs
435
VMScore
CVE-2007-1287
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote malicious users to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3...
Php Php 4.4.6
Php Php 6.0
Php Php 4.4.4
Php Php 4.4.5
1 EDB exploit
435
VMScore
CVE-2005-4454
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote malicious users to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme...
Livejournal Livejournal
1 EDB exploit
409
VMScore
CVE-2005-2693
cvsbug in CVS 1.12.12 and previous versions creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
Cvs Cvs 1.12.12
409
VMScore
CVE-2004-0913
Unknown vulnerability in ecartis 0.x prior to 0.129a+1.0.0-snap20020514-1.3 and 1.x prior to 1.0.0+cvs.20030911-8 allows attackers in the same domain to gain administrator privileges and modify configuration.
Ecartis Ecartis 0.129a
Ecartis Ecartis 1.0.0 Snapshot 2002-01-21
Ecartis Ecartis 1.0.0 Snapshot 2003-03-12
Ecartis Ecartis 1.0.0 Snapshot 2003-03-18
Ecartis Ecartis 1.0.0 Snapshot 2002-01-25
Ecartis Ecartis 1.0.0 Snapshot 2002-04-27
Ecartis Ecartis 1.0.0 Snapshot 2003-04-16
Ecartis Ecartis 1.0.0 Snapshot 2003-04-17
Ecartis Ecartis 1.0.0 Snapshot 2002-05-14
Ecartis Ecartis 1.0.0 Snapshot 2002-10-13
Ecartis Ecartis 1.0.0 Snapshot 2003-02-27
Ecartis Ecartis 1.0.0 Snapshot 2003-03-03
Ecartis Ecartis 1.0.0 Snapshot 2003-03-09