ViewVC 1.0.3 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2010-03-19
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2010-01-29
ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.
CVSS Score: 5.0 | EPSS Score: 0.008 | Published: 2010-01-29
Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information.
CVSS Score: 4.3 | EPSS Score: 0.007 | Published: 2009-11-10
Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."
CVSS Score: 5.0 | EPSS Score: 0.005 | Published: 2009-11-10
ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.
CVSS Score: 4.3 | EPSS Score: 0.007 | Published: 2008-03-24
ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.
CVSS Score: 4.3 | EPSS Score: 0.007 | Published: 2008-03-24
ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.
CVSS Score: 4.3 | EPSS Score: 0.007 | Published: 2008-03-24


Shodan ® - All rights reserved