VYPR

Trac

by Trac

pypi: trac

CVEs (5)

  • CVE-2010-5108HigNov 13, 2019
    risk 0.49cvss 7.5epss 0.01

    Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.

  • CVE-2010-0394Feb 10, 2010
    risk 0.00cvss epss 0.03

    PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain…

  • CVE-2008-5647Dec 17, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors.

  • CVE-2008-5646Dec 17, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."

  • CVE-2005-2147Jul 6, 2005
    risk 0.00cvss epss 0.01

    Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.