Trac
Products
1- Trac5 CVEspypi
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-5108 | Hig | 0.49 | 7.5 | 0.01 | Nov 13, 2019 | Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions. | ||
| CVE-2010-0394 | 0.00 | — | 0.03 | Feb 10, 2010 | PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain… | |||
| CVE-2008-5647 | 0.00 | — | 0.01 | Dec 17, 2008 | Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors. | |||
| CVE-2008-5646 | 0.00 | — | 0.01 | Dec 17, 2008 | Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup." | |||
| CVE-2005-2147 | 0.00 | — | 0.01 | Jul 6, 2005 | Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts. |
- risk 0.49cvss 7.5epss 0.01
Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.
- CVE-2010-0394Feb 10, 2010risk 0.00cvss —epss 0.03
PyGIT.py in the Trac Git plugin (trac-git) before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain…
- CVE-2008-5647Dec 17, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors.
- CVE-2008-5646Dec 17, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."
- CVE-2005-2147Jul 6, 2005risk 0.00cvss —epss 0.01
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.