Cvstrac
by Cvstrac
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1456 | 0.07 | — | 0.54 | Dec 31, 2004 | filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo. | |||
| CVE-2007-0347 | 0.03 | — | 0.02 | Jan 29, 2007 | The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries. | |||
| CVE-2004-1146 | 0.00 | — | 0.01 | Dec 31, 2004 | Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script. |
- CVE-2004-1456Dec 31, 2004risk 0.07cvss —epss 0.54
filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo.
- CVE-2007-0347Jan 29, 2007risk 0.03cvss —epss 0.02
The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.
- CVE-2004-1146Dec 31, 2004risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.