Search criteria

12 vulnerabilities by edgewall_software

CVE-2008-3328 (GCVE-0-2008-3328)

Vulnerability from cvelistv5 – Published: 2008-07-27 22:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
http://www.securityfocus.com/bid/30400 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/31231 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/31314 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2223… vdb-entryx_refsource_VUPEN
http://trac.edgewall.org/wiki/ChangeLog x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:37:26.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2008-6833",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html"
          },
          {
            "name": "FEDORA-2008-6830",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html"
          },
          {
            "name": "30400",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30400"
          },
          {
            "name": "trac-wikiengine-xss(44016)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44016"
          },
          {
            "name": "31231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31231"
          },
          {
            "name": "31314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31314"
          },
          {
            "name": "ADV-2008-2223",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2223/references"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.edgewall.org/wiki/ChangeLog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2008-6833",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html"
        },
        {
          "name": "FEDORA-2008-6830",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html"
        },
        {
          "name": "30400",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30400"
        },
        {
          "name": "trac-wikiengine-xss(44016)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44016"
        },
        {
          "name": "31231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31231"
        },
        {
          "name": "31314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31314"
        },
        {
          "name": "ADV-2008-2223",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2223/references"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.edgewall.org/wiki/ChangeLog"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3328",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2008-6833",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html"
            },
            {
              "name": "FEDORA-2008-6830",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html"
            },
            {
              "name": "30400",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30400"
            },
            {
              "name": "trac-wikiengine-xss(44016)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44016"
            },
            {
              "name": "31231",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31231"
            },
            {
              "name": "31314",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31314"
            },
            {
              "name": "ADV-2008-2223",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2223/references"
            },
            {
              "name": "http://trac.edgewall.org/wiki/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://trac.edgewall.org/wiki/ChangeLog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3328",
    "datePublished": "2008-07-27T22:00:00",
    "dateReserved": "2008-07-27T00:00:00",
    "dateUpdated": "2024-08-07T09:37:26.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1405 (GCVE-0-2007-1405)

Vulnerability from cvelistv5 – Published: 2007-03-10 22:00 – Updated: 2024-08-07 12:59
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/24470 third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.vupen.com/english/advisories/2007/0900 vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/22888 vdb-entryx_refsource_BID
http://trac.edgewall.org/wiki/ChangeLog x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:06.754Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24470",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24470"
          },
          {
            "name": "trac-downloadwikipageastext-xss(32897)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32897"
          },
          {
            "name": "ADV-2007-0900",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0900"
          },
          {
            "name": "22888",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22888"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.edgewall.org/wiki/ChangeLog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the \"download wiki page as text\" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24470",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24470"
        },
        {
          "name": "trac-downloadwikipageastext-xss(32897)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32897"
        },
        {
          "name": "ADV-2007-0900",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0900"
        },
        {
          "name": "22888",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22888"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.edgewall.org/wiki/ChangeLog"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1405",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the \"download wiki page as text\" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24470",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24470"
            },
            {
              "name": "trac-downloadwikipageastext-xss(32897)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32897"
            },
            {
              "name": "ADV-2007-0900",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0900"
            },
            {
              "name": "22888",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22888"
            },
            {
              "name": "http://trac.edgewall.org/wiki/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://trac.edgewall.org/wiki/ChangeLog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1405",
    "datePublished": "2007-03-10T22:00:00",
    "dateReserved": "2007-03-10T00:00:00",
    "dateUpdated": "2024-08-07T12:59:06.754Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1406 (GCVE-0-2007-1406)

Vulnerability from cvelistv5 – Published: 2007-03-10 22:00 – Updated: 2024-09-16 23:47
VLAI?
Summary
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:06.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.edgewall.org/wiki/ChangeLog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain \"unsafe\" situations, which has unknown impact and remote attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-03-10T22:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.edgewall.org/wiki/ChangeLog"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1406",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain \"unsafe\" situations, which has unknown impact and remote attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://trac.edgewall.org/wiki/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://trac.edgewall.org/wiki/ChangeLog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1406",
    "datePublished": "2007-03-10T22:00:00Z",
    "dateReserved": "2007-03-10T00:00:00Z",
    "dateUpdated": "2024-09-16T23:47:02.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-5878 (GCVE-0-2006-5878)

Vulnerability from cvelistv5 – Published: 2006-11-14 19:00 – Updated: 2024-08-07 20:04
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://security.gentoo.org/glsa/glsa-200612-14.xml vendor-advisoryx_refsource_GENTOO
http://secunia.com/advisories/22789 third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1209 vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/23357 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/4422 vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/22868 third-party-advisoryx_refsource_SECUNIA
http://trac.edgewall.org/ticket/4049 x_refsource_MISC
http://trac.edgewall.org/wiki/ChangeLog x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:55.766Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-200612-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200612-14.xml"
          },
          {
            "name": "22789",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22789"
          },
          {
            "name": "DSA-1209",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1209"
          },
          {
            "name": "23357",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23357"
          },
          {
            "name": "ADV-2006-4422",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4422"
          },
          {
            "name": "trac-unspecified-csrf(30146)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30146"
          },
          {
            "name": "22868",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22868"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://trac.edgewall.org/ticket/4049"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.edgewall.org/wiki/ChangeLog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-200612-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200612-14.xml"
        },
        {
          "name": "22789",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22789"
        },
        {
          "name": "DSA-1209",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1209"
        },
        {
          "name": "23357",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23357"
        },
        {
          "name": "ADV-2006-4422",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4422"
        },
        {
          "name": "trac-unspecified-csrf(30146)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30146"
        },
        {
          "name": "22868",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22868"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://trac.edgewall.org/ticket/4049"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.edgewall.org/wiki/ChangeLog"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5878",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-200612-14",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200612-14.xml"
            },
            {
              "name": "22789",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22789"
            },
            {
              "name": "DSA-1209",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1209"
            },
            {
              "name": "23357",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23357"
            },
            {
              "name": "ADV-2006-4422",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4422"
            },
            {
              "name": "trac-unspecified-csrf(30146)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30146"
            },
            {
              "name": "22868",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22868"
            },
            {
              "name": "http://trac.edgewall.org/ticket/4049",
              "refsource": "MISC",
              "url": "http://trac.edgewall.org/ticket/4049"
            },
            {
              "name": "http://trac.edgewall.org/wiki/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://trac.edgewall.org/wiki/ChangeLog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5878",
    "datePublished": "2006-11-14T19:00:00",
    "dateReserved": "2006-11-14T00:00:00",
    "dateUpdated": "2024-08-07T20:04:55.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-3695 (GCVE-0-2006-3695)

Vulnerability from cvelistv5 – Published: 2006-07-19 01:00 – Updated: 2024-08-07 18:39
VLAI?
Summary
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.vupen.com/english/advisories/2006/2729 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/20958 third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1016457 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/18323 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.debian.org/security/2006/dsa-1152 vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/21534 third-party-advisoryx_refsource_SECUNIA
http://trac.edgewall.org/wiki/ChangeLog x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:39:53.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "trac-restructuredtext-obtain-information(27706)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27706"
          },
          {
            "name": "ADV-2006-2729",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2729"
          },
          {
            "name": "20958",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20958"
          },
          {
            "name": "1016457",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016457"
          },
          {
            "name": "18323",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18323"
          },
          {
            "name": "trac-restructuredtext-dos(27708)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27708"
          },
          {
            "name": "DSA-1152",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1152"
          },
          {
            "name": "21534",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21534"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.edgewall.org/wiki/ChangeLog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Trac before 0.9.6 does not disable the \"raw\" or \"include\" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "trac-restructuredtext-obtain-information(27706)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27706"
        },
        {
          "name": "ADV-2006-2729",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2729"
        },
        {
          "name": "20958",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20958"
        },
        {
          "name": "1016457",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016457"
        },
        {
          "name": "18323",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18323"
        },
        {
          "name": "trac-restructuredtext-dos(27708)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27708"
        },
        {
          "name": "DSA-1152",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1152"
        },
        {
          "name": "21534",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21534"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.edgewall.org/wiki/ChangeLog"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3695",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Trac before 0.9.6 does not disable the \"raw\" or \"include\" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "trac-restructuredtext-obtain-information(27706)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27706"
            },
            {
              "name": "ADV-2006-2729",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2729"
            },
            {
              "name": "20958",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20958"
            },
            {
              "name": "1016457",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016457"
            },
            {
              "name": "18323",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18323"
            },
            {
              "name": "trac-restructuredtext-dos(27708)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27708"
            },
            {
              "name": "DSA-1152",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1152"
            },
            {
              "name": "21534",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21534"
            },
            {
              "name": "http://trac.edgewall.org/wiki/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://trac.edgewall.org/wiki/ChangeLog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3695",
    "datePublished": "2006-07-19T01:00:00",
    "dateReserved": "2006-07-18T00:00:00",
    "dateUpdated": "2024-08-07T18:39:53.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-2106 (GCVE-0-2006-2106)

Vulnerability from cvelistv5 – Published: 2006-04-29 10:00 – Updated: 2024-08-07 17:35
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/19870 third-party-advisoryx_refsource_SECUNIA
http://jvn.jp/jp/JVN%2384091359/index.html third-party-advisoryx_refsource_JVN
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.edgewall.com/blog/news/trac_0_9_5.html x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/1557 vdb-entryx_refsource_VUPEN
http://securitytracker.com/id?1015986 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/17741 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:35:31.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19870",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19870"
          },
          {
            "name": "JVN#84091359",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/jp/JVN%2384091359/index.html"
          },
          {
            "name": "trac-wiki-engine-xss(26125)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26125"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.edgewall.com/blog/news/trac_0_9_5.html"
          },
          {
            "name": "ADV-2006-1557",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1557"
          },
          {
            "name": "1015986",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015986"
          },
          {
            "name": "17741",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17741"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a \"wiki macro.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19870",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19870"
        },
        {
          "name": "JVN#84091359",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/jp/JVN%2384091359/index.html"
        },
        {
          "name": "trac-wiki-engine-xss(26125)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26125"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.edgewall.com/blog/news/trac_0_9_5.html"
        },
        {
          "name": "ADV-2006-1557",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1557"
        },
        {
          "name": "1015986",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015986"
        },
        {
          "name": "17741",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17741"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2106",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a \"wiki macro.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19870",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19870"
            },
            {
              "name": "JVN#84091359",
              "refsource": "JVN",
              "url": "http://jvn.jp/jp/JVN%2384091359/index.html"
            },
            {
              "name": "trac-wiki-engine-xss(26125)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26125"
            },
            {
              "name": "http://www.edgewall.com/blog/news/trac_0_9_5.html",
              "refsource": "CONFIRM",
              "url": "http://www.edgewall.com/blog/news/trac_0_9_5.html"
            },
            {
              "name": "ADV-2006-1557",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1557"
            },
            {
              "name": "1015986",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015986"
            },
            {
              "name": "17741",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17741"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2106",
    "datePublished": "2006-04-29T10:00:00",
    "dateReserved": "2006-04-29T00:00:00",
    "dateUpdated": "2024-08-07T17:35:31.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-4644 (GCVE-0-2005-4644)

Vulnerability from cvelistv5 – Published: 2006-01-11 21:00 – Updated: 2024-08-07 23:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/18555 third-party-advisoryx_refsource_SECUNIA
http://trac.edgewall.org/ticket/2473 x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/18465 third-party-advisoryx_refsource_SECUNIA
http://projects.edgewall.com/trac/ticket/2473 x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/0226 vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/16198 vdb-entryx_refsource_BID
http://www.debian.org/security/2006/dsa-951 vendor-advisoryx_refsource_DEBIAN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:53:28.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18555",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18555"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.edgewall.org/ticket/2473"
          },
          {
            "name": "trac-html-xss(24183)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24183"
          },
          {
            "name": "18465",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18465"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://projects.edgewall.com/trac/ticket/2473"
          },
          {
            "name": "ADV-2006-0226",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0226"
          },
          {
            "name": "16198",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16198"
          },
          {
            "name": "DSA-951",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-951"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "18555",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18555"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.edgewall.org/ticket/2473"
        },
        {
          "name": "trac-html-xss(24183)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24183"
        },
        {
          "name": "18465",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18465"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://projects.edgewall.com/trac/ticket/2473"
        },
        {
          "name": "ADV-2006-0226",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0226"
        },
        {
          "name": "16198",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16198"
        },
        {
          "name": "DSA-951",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-951"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4644",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18555",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18555"
            },
            {
              "name": "http://trac.edgewall.org/ticket/2473",
              "refsource": "CONFIRM",
              "url": "http://trac.edgewall.org/ticket/2473"
            },
            {
              "name": "trac-html-xss(24183)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24183"
            },
            {
              "name": "18465",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18465"
            },
            {
              "name": "http://projects.edgewall.com/trac/ticket/2473",
              "refsource": "CONFIRM",
              "url": "http://projects.edgewall.com/trac/ticket/2473"
            },
            {
              "name": "ADV-2006-0226",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0226"
            },
            {
              "name": "16198",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16198"
            },
            {
              "name": "DSA-951",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-951"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4644",
    "datePublished": "2006-01-11T21:00:00",
    "dateReserved": "2006-01-11T00:00:00",
    "dateUpdated": "2024-08-07T23:53:28.548Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-4305 (GCVE-0-2005-4305)

Vulnerability from cvelistv5 – Published: 2005-12-17 00:00 – Updated: 2024-08-07 23:38
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.gentoo.org/security/en/glsa/glsa-20060… vendor-advisoryx_refsource_GENTOO
http://securitytracker.com/id?1015363 vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2005/2936 vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/16386 vdb-entryx_refsource_BID
http://projects.edgewall.com/trac/wiki/ChangeLog x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://secunia.com/advisories/18048 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/18625 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:38:51.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-200601-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml"
          },
          {
            "name": "1015363",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015363"
          },
          {
            "name": "ADV-2005-2936",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2936"
          },
          {
            "name": "16386",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16386"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://projects.edgewall.com/trac/wiki/ChangeLog"
          },
          {
            "name": "trac-url-path-xss(23775)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23775"
          },
          {
            "name": "18048",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18048"
          },
          {
            "name": "18625",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18625"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-200601-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml"
        },
        {
          "name": "1015363",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015363"
        },
        {
          "name": "ADV-2005-2936",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2936"
        },
        {
          "name": "16386",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16386"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://projects.edgewall.com/trac/wiki/ChangeLog"
        },
        {
          "name": "trac-url-path-xss(23775)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23775"
        },
        {
          "name": "18048",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18048"
        },
        {
          "name": "18625",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18625"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4305",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-200601-12",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200601-12.xml"
            },
            {
              "name": "1015363",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015363"
            },
            {
              "name": "ADV-2005-2936",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2936"
            },
            {
              "name": "16386",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16386"
            },
            {
              "name": "http://projects.edgewall.com/trac/wiki/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://projects.edgewall.com/trac/wiki/ChangeLog"
            },
            {
              "name": "trac-url-path-xss(23775)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23775"
            },
            {
              "name": "18048",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18048"
            },
            {
              "name": "18625",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18625"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4305",
    "datePublished": "2005-12-17T00:00:00",
    "dateReserved": "2005-12-16T00:00:00",
    "dateUpdated": "2024-08-07T23:38:51.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-4065 (GCVE-0-2005-4065)

Vulnerability from cvelistv5 – Published: 2005-12-07 11:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/18555 third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/21459 vdb-entryx_refsource_OSVDB
http://lists.edgewall.com/archive/trac/2005-Decem… mailing-listx_refsource_MLIST
http://securityreason.com/securityalert/222 third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/17894 third-party-advisoryx_refsource_SECUNIA
http://projects.edgewall.com/trac/wiki/ChangeLog x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2005/2766 vdb-entryx_refsource_VUPEN
http://www.debian.org/security/2006/dsa-951 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/15720 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:31:48.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18555",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18555"
          },
          {
            "name": "21459",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/21459"
          },
          {
            "name": "[Trac] 20051205 SECURITY: Trac 0.9.2 Released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.edgewall.com/archive/trac/2005-December/005777.html"
          },
          {
            "name": "222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/222"
          },
          {
            "name": "17894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17894"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://projects.edgewall.com/trac/wiki/ChangeLog"
          },
          {
            "name": "ADV-2005-2766",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2766"
          },
          {
            "name": "DSA-951",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-951"
          },
          {
            "name": "15720",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15720"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-12-12T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "18555",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18555"
        },
        {
          "name": "21459",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/21459"
        },
        {
          "name": "[Trac] 20051205 SECURITY: Trac 0.9.2 Released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.edgewall.com/archive/trac/2005-December/005777.html"
        },
        {
          "name": "222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/222"
        },
        {
          "name": "17894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17894"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://projects.edgewall.com/trac/wiki/ChangeLog"
        },
        {
          "name": "ADV-2005-2766",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2766"
        },
        {
          "name": "DSA-951",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-951"
        },
        {
          "name": "15720",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15720"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4065",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18555",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18555"
            },
            {
              "name": "21459",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/21459"
            },
            {
              "name": "[Trac] 20051205 SECURITY: Trac 0.9.2 Released",
              "refsource": "MLIST",
              "url": "http://lists.edgewall.com/archive/trac/2005-December/005777.html"
            },
            {
              "name": "222",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/222"
            },
            {
              "name": "17894",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17894"
            },
            {
              "name": "http://projects.edgewall.com/trac/wiki/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://projects.edgewall.com/trac/wiki/ChangeLog"
            },
            {
              "name": "ADV-2005-2766",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2766"
            },
            {
              "name": "DSA-951",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-951"
            },
            {
              "name": "15720",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15720"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4065",
    "datePublished": "2005-12-07T11:00:00",
    "dateReserved": "2005-12-07T00:00:00",
    "dateUpdated": "2024-08-07T23:31:48.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3980 (GCVE-0-2005-3980)

Vulnerability from cvelistv5 – Published: 2005-12-04 11:00 – Updated: 2024-08-07 23:31
VLAI?
Summary
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/418294/100… mailing-listx_refsource_BUGTRAQ
http://www.osvdb.org/21386 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/17836/ third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/2701 vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/15676/ vdb-entryx_refsource_BID
http://projects.edgewall.com/trac/wiki/ChangeLog x_refsource_CONFIRM
http://securitytracker.com/id?1015302 vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:31:48.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20051201 Edgewall Trac SQL Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/418294/100/0/threaded"
          },
          {
            "name": "21386",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/21386"
          },
          {
            "name": "17836",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17836/"
          },
          {
            "name": "ADV-2005-2701",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2701"
          },
          {
            "name": "15676",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15676/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://projects.edgewall.com/trac/wiki/ChangeLog"
          },
          {
            "name": "1015302",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015302"
          },
          {
            "name": "trac-query-sql-injection(23461)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23461"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20051201 Edgewall Trac SQL Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/418294/100/0/threaded"
        },
        {
          "name": "21386",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/21386"
        },
        {
          "name": "17836",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17836/"
        },
        {
          "name": "ADV-2005-2701",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2701"
        },
        {
          "name": "15676",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15676/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://projects.edgewall.com/trac/wiki/ChangeLog"
        },
        {
          "name": "1015302",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015302"
        },
        {
          "name": "trac-query-sql-injection(23461)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23461"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3980",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20051201 Edgewall Trac SQL Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/418294/100/0/threaded"
            },
            {
              "name": "21386",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/21386"
            },
            {
              "name": "17836",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17836/"
            },
            {
              "name": "ADV-2005-2701",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2701"
            },
            {
              "name": "15676",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15676/"
            },
            {
              "name": "http://projects.edgewall.com/trac/wiki/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://projects.edgewall.com/trac/wiki/ChangeLog"
            },
            {
              "name": "1015302",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015302"
            },
            {
              "name": "trac-query-sql-injection(23461)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23461"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3980",
    "datePublished": "2005-12-04T11:00:00",
    "dateReserved": "2005-12-04T00:00:00",
    "dateUpdated": "2024-08-07T23:31:48.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-2147 (GCVE-0-2005-2147)

Vulnerability from cvelistv5 – Published: 2005-07-06 04:00 – Updated: 2024-09-16 22:03
VLAI?
Summary
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.hardened-php.net/advisory-012005.php x_refsource_MISC
http://secunia.com/advisories/15752 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/13990 vdb-entryx_refsource_BID
http://www.debian.org/security/2005/dsa-739 vendor-advisoryx_refsource_DEBIAN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:15:37.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hardened-php.net/advisory-012005.php"
          },
          {
            "name": "15752",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15752"
          },
          {
            "name": "13990",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/13990"
          },
          {
            "name": "DSA-739",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-739"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-07-06T04:00:00Z",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hardened-php.net/advisory-012005.php"
        },
        {
          "name": "15752",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15752"
        },
        {
          "name": "13990",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/13990"
        },
        {
          "name": "DSA-739",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-739"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2005-2147",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hardened-php.net/advisory-012005.php",
              "refsource": "MISC",
              "url": "http://www.hardened-php.net/advisory-012005.php"
            },
            {
              "name": "15752",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15752"
            },
            {
              "name": "13990",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/13990"
            },
            {
              "name": "DSA-739",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-739"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2005-2147",
    "datePublished": "2005-07-06T04:00:00Z",
    "dateReserved": "2005-07-06T00:00:00Z",
    "dateUpdated": "2024-09-16T22:03:30.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-2007 (GCVE-0-2005-2007)

Vulnerability from cvelistv5 – Published: 2005-06-20 04:00 – Updated: 2024-09-16 16:13
VLAI?
Summary
Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:15:36.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.hardened-php.net/advisory-012005.php"
          },
          {
            "name": "20050619 Advisory 01/2005: Fileupload/download vulnerability in Trac",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034618.html"
          },
          {
            "name": "15752",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/15752"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.edgewall.com/repos/trac/tags/trac-0.8.4/ChangeLog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-06-20T04:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.hardened-php.net/advisory-012005.php"
        },
        {
          "name": "20050619 Advisory 01/2005: Fileupload/download vulnerability in Trac",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034618.html"
        },
        {
          "name": "15752",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/15752"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.edgewall.com/repos/trac/tags/trac-0.8.4/ChangeLog"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-2007",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hardened-php.net/advisory-012005.php",
              "refsource": "MISC",
              "url": "http://www.hardened-php.net/advisory-012005.php"
            },
            {
              "name": "20050619 Advisory 01/2005: Fileupload/download vulnerability in Trac",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034618.html"
            },
            {
              "name": "15752",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/15752"
            },
            {
              "name": "http://svn.edgewall.com/repos/trac/tags/trac-0.8.4/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://svn.edgewall.com/repos/trac/tags/trac-0.8.4/ChangeLog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-2007",
    "datePublished": "2005-06-20T04:00:00Z",
    "dateReserved": "2005-06-20T00:00:00Z",
    "dateUpdated": "2024-09-16T16:13:40.717Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}