Show filters
33 Total Results
Displaying 31-33 of 33
Sort by:
Attacker Value
Unknown

CVE-2000-0680

Disclosure Date: October 20, 2000 (last updated February 22, 2025)
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
0
Attacker Value
Unknown

CVE-2000-0679

Disclosure Date: October 20, 2000 (last updated February 22, 2025)
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
0
Attacker Value
Unknown

CVE-2000-0670

Disclosure Date: July 12, 2000 (last updated February 22, 2025)
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.
0