The CollabNet Subversion Edge Management Frontend fails to implement any cross site request forgery protection. Fixed in version 5.0. Version 4.0.11 is affected.
51550678e302e308a0266d2824d45d664b115efd79d9d9699ff2ea9b8606149cThe CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the tail action. Fixed in version 5.0. Version 4.0.11 is affected.
3a33fc1ca00a370d70ae632d4e5ff2d50d6aebfcfe2f943cfc2b1fac21f6187aThe management frontend does not require the old password for changing the password to a new one. An authenticated attacker may perform password setting attacks via XSRF without knowing the current password. An attacker that stole a Session ID (cookie) is able to gain persistent access by changing the password. Fixed in version 5.0. Version 4.0.11 is affected.
b01690bfbbc4be90118e3f7f950ff41e45b8a303eb3e13ca92e517d946087a0aThe CollabNet Subversion Edge Management stores passwords as unsalted MD5 hashes. Unsalted MD5 hashes can easily be cracked by brute forcing the password. Fixed in version 5.0. Version 4.0.11 is affected.
8cc3148316f4aa4c7d8a4758a7e89063b6e5b83abbe5c26a33241c18c888460cThe CollabNet Subversion Edge Management web application does not restrict users to be logged in only once and does not provide a configuration option to configure this feature for admins and/or user accounts. Fixed in version 5.0. Version 4.0.11 is affected.
136cd2ad53bd137bb66b883f29da54e22164f5784ffa08198eb81b5bca4a4facThe CollabNet Subversion Edge Management Frontend does not protect against brute forcing accounts. An attacker has infinite tries to guess a valid user password. Fixed in version 5.0. Version 4.0.11 is affected.
c4a5be8f15df488c6909bf4b2ac7dc41e0d49ed272885ca67e0b4f9bf8d4b650The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "listViewItem" parameter of the "index" action. Fixed in version 5.0. Version 4.0.11 is affected.
056057c0fb271eb7d3df3d949644529069ad9b220d3cea13dac2b89f6483c3e0The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the show action. Fixed in version 5.0. Version 4.0.11 is affected.
a81a00d4e11ec10f5cba3ea70751d59751a88dc2fb69e74a400c31265fe07b31CollabNet Subversion Edge Management Frontend does not implement clickjacking protection. Fixed in version 5.0. Version 4.0.11 is affected.
c207b180dc94d5a50e20b860125c9f73e2c49f364c17a3013f7603f8c6f2d141The CollabNet Subversion Edge Management does not implement a strong passwordpolicy. Passwords like "aaaaa" are allowed as the only requirement is that the password is at least 5 characters long. Fixed in version 5.0. Version 4.0.11 is affected.
f122205e04ea0584d756f4c07ab8c745e0d178bd283e8cbc86963df7402628e9The CollabNet Subversion Edge management frontend login page password field has autocomplete enabled. This may allow an attacker to retrieve a stored password from the browsers key store. Fixed in version 5.0. Version 4.0.11 is affected.
020e15b4242216e2e5a8d794bda6b2c2bedd387d58410fbce5ecb455fa026919The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the "downloadHook" action. Fixed in version 5.0.
37d936d9d7e63a4ff0e4d5ba93bd86e716a8d053ae486aae462f028a417603ccThe CollabNet Subversion Edge Management Frontend leaks the unsalted MD5 hash of password of the currently logged in user via a "POST /csvn/user/index" request. An attacker that exploits an XSS or has gained a valid session via other means is able to retrieve the unsalted MD5 hash of the corresponding user and easily crack the hash in order to know the users password. Fixed in version 5.0.
1d88ce5b1e015850cee7a266039f0317d57a1d11a0b2b10402aefdd630149ba1The CollabNet Subversion Edge Management Frontend allows authenticated administrators to escalate their privileges by creating and executing hook scripts. As a result they are able to execute arbitrary commands as the user the Management Frontend is running under without authenticating with valid credentials. Fixed in version 5.0.
6367d80f85ed6df597af815bf79b0b9c35711023632a3e93c0eae53e289e7171The default installation of Skype is vulnerable to a local privilege escalation attack that allows an unprivileged attacker to execute arbitrary code with NT AUTHORITY/SYSTEM privileges. Versions 6.2.0.106 and below are affected.
d220809c5a2ec3bca6b7d83539650b12420bc8778406212fc05cd585e28a6a0fEmpirum version 14.0 from Matrix42 is prone to a trivial password recovery attack that allows users to obtain passwords encrypted with the EmpCrypt.exe.
b8bfd848ac2af64d7799cf9258bc83cfefcfe8500dd019f1128511e9ba936b3eThe PcwRunAs software available from the PC-Welt website is prone to a trivial password recovery attack that allows local users to obtain passwords encrypted with the pcwRunAsGui.exe. pcwRunAs versions 0.4 and below are affected.
811b545d5083c227c56986dbdeeac60ef0a1b6690230618e3d3b76f311c4ab12Torrent-Stats suffers from a denial of service vulnerability in httpd.c.
800bc0f63fdba947738b01388e1c4834532ab1fc95c5b2912e467da4293d8011NX Web Companion suffers from a spoofing vulnerability that may allow for arbitrary code execution.
c6dbb4c255fa34d27c7f911a58e314d1f1d2ecc2c658c6db8ccba523adf5f97bLocal proof of concept exploit that demonstrates a privilege boundary crossing vulnerability in acpid. Written to work on Ubuntu 11.10 and 11.04.
db41e68389796e2550b308a702d82798e2fc58981a4d76192e86c8e6d1ff1029
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed