Vulnerabilities > CVE-2011-4929 - Unspecified vulnerability in Redmine
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 12 |
Exploit-Db
description | Redmine SCM Repository - Arbitrary Command Execution (Metasploit). CVE-2011-4929. Remote exploit for Linux platform |
id | EDB-ID:41695 |
last seen | 2017-03-23 |
modified | 2010-12-19 |
published | 2010-12-19 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/41695/ |
title | Redmine SCM Repository - Arbitrary Command Execution (Metasploit) |
Metasploit
description | This module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering. |
id | MSF:EXPLOIT/UNIX/WEBAPP/REDMINE_SCM_EXEC |
last seen | 2020-05-21 |
modified | 2017-07-24 |
published | 2010-12-25 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/redmine_scm_exec.rb |
title | Redmine SCM Repository Arbitrary Command Execution |