
CVE-2007-6350
Date: (C)2007-12-14   (M)2023-12-22


scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 8.5
Exploit Score: 6.8
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1019103
BID-26900
SECUNIA-28123
SECUNIA-28538
SECUNIA-28944
SECUNIA-28981
OSVDB-44137
ADV-2007-4243
DSA-1473
FEDORA-2008-1728
FEDORA-2008-1743
GLSA-200802-06
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437148
http://bugs.gentoo.org/show_bug.cgi?id=201726
http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?view=markup

CWE (1):
CWE-264
OVAL (1):
oval:org.mitre.oval:def:7732

© SecPod Technologies