Filtered by vendor Cvstrac
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0347 | 1 Cvstrac | 1 Cvstrac | 2024-11-21 | 4.3 MEDIUM | N/A |
| The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries. | |||||
| CVE-2004-1456 | 1 Cvstrac | 1 Cvstrac | 2024-11-20 | 7.5 HIGH | N/A |
| filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo. | |||||
| CVE-2004-1146 | 1 Cvstrac | 1 Cvstrac | 2024-11-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script. | |||||