Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
viewvc vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2008-4325
lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the...
Viewvc
6.8
CVSSv2
CVE-2006-5442
ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view....
Viewvc
5
CVSSv2
CVE-2012-3356
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors....
Viewvc
2.6
CVSSv2
CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different...
Viewvc
5
CVSSv2
CVE-2012-3357
The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."...
Viewvc
5
CVSSv2
CVE-2009-3619
Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...
Viewvc
7.5
CVSSv2
CVE-2010-0005
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query....
Viewvc
4.3
CVSSv2
CVE-2008-1290
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information....
Viewvc
5
CVSSv2
CVE-2009-5024
ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request....
Viewvc
4.3
CVSSv2
CVE-2008-1291
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder....
Viewvc
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-15093
mods-for-hesk
CVE-2020-15092
CVE-2020-15000
insecure direct object reference
encryption
CVE-2020-8193
kingcomposer
CVE-2020-8195
mods for hesk
king-theme
XXE
CVE-2020-12414
1
2
3
4
5
NEXT »
Vulmon