Show filters
14 Total Results
Displaying 11-14 of 14
Sort by:
Attacker Value
Unknown

CVE-2009-2737

Disclosure Date: August 11, 2009 (last updated October 04, 2023)
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users.
0
Attacker Value
Unknown

CVE-2008-1474

Disclosure Date: March 24, 2008 (last updated October 04, 2023)
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
0
Attacker Value
Unknown

CVE-2008-1475

Disclosure Date: March 24, 2008 (last updated October 04, 2023)
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
0
Attacker Value
Unknown

CVE-2004-1444

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.
0