All the vulnerabilities related to dokuwiki - dokuwiki
cve-2016-7965
Vulnerability from cvelistv5
Published
2016-10-31 10:00
Modified
2024-08-06 02:13
Summary
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server).
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94237 | vdb-entry, x_refsource_BID | |
https://github.com/splitbrain/dokuwiki/issues/1709 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:13:21.793Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94237", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94237" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1709" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL\u0027s hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "94237", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94237" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1709" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7965", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL\u0027s hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "94237", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94237" }, { "name": "https://github.com/splitbrain/dokuwiki/issues/1709", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/issues/1709" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7965", "datePublished": "2016-10-31T10:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:13:21.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12979
Vulnerability from cvelistv5
Published
2017-08-21 07:00
Modified
2024-08-05 18:51
Summary
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.
References
▼ | URL | Tags |
---|---|---|
https://github.com/splitbrain/dokuwiki/issues/2080 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:07.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2080" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-21T06:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2080" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12979", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/splitbrain/dokuwiki/issues/2080", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/issues/2080" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12979", "datePublished": "2017-08-21T07:00:00", "dateReserved": "2017-08-21T00:00:00", "dateUpdated": "2024-08-05T18:51:07.387Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9253
Vulnerability from cvelistv5
Published
2014-12-17 18:00
Modified
2024-08-06 13:40
Summary
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.
References
▼ | URL | Tags |
---|---|---|
http://security.szurek.pl/dokuwiki-20140929a-xss.html | x_refsource_MISC | |
http://www.securitytracker.com/id/1031369 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/99291 | vdb-entry, x_refsource_XF | |
https://www.dokuwiki.org/changes | x_refsource_CONFIRM | |
https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2014/q4/1050 | mailing-list, x_refsource_MLIST | |
http://advisories.mageia.org/MGASA-2014-0540.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/71671 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:40:24.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://security.szurek.pl/dokuwiki-20140929a-xss.html" }, { "name": "1031369", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031369" }, { "name": "dokuwiki-cve20149253-xss(99291)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99291" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.dokuwiki.org/changes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960" }, { "name": "[oss-security] 20141215 Re: CVE request: XSS flaw fixed in dokuwiki 2014-09-29b", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q4/1050" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0540.html" }, { "name": "71671", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71671" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://security.szurek.pl/dokuwiki-20140929a-xss.html" }, { "name": "1031369", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031369" }, { "name": "dokuwiki-cve20149253-xss(99291)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99291" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.dokuwiki.org/changes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960" }, { "name": "[oss-security] 20141215 Re: CVE request: XSS flaw fixed in dokuwiki 2014-09-29b", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q4/1050" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0540.html" }, { "name": "71671", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71671" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9253", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://security.szurek.pl/dokuwiki-20140929a-xss.html", "refsource": "MISC", "url": "http://security.szurek.pl/dokuwiki-20140929a-xss.html" }, { "name": "1031369", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031369" }, { "name": "dokuwiki-cve20149253-xss(99291)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99291" }, { "name": "https://www.dokuwiki.org/changes", "refsource": "CONFIRM", "url": "https://www.dokuwiki.org/changes" }, { "name": "https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960" }, { "name": "[oss-security] 20141215 Re: CVE request: XSS flaw fixed in dokuwiki 2014-09-29b", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q4/1050" }, { "name": "http://advisories.mageia.org/MGASA-2014-0540.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0540.html" }, { "name": "71671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71671" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9253", "datePublished": "2014-12-17T18:00:00", "dateReserved": "2014-12-04T00:00:00", "dateUpdated": "2024-08-06T13:40:24.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28919
Vulnerability from cvelistv5
Published
2022-05-12 15:43
Modified
2024-08-03 06:10
Summary
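HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. (The description names HTMLCreator, and the record's product and vendor fields are "n/a"; the only DokuWiki link in the record is the referenced issue https://github.com/splitbrain/dokuwiki/issues/3651, so confirm the affected DokuWiki component and versions there before triaging.)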
References
▼ | URL | Tags |
---|---|---|
https://github.com/splitbrain/dokuwiki/issues/3651 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFL5KMLTSWOHTDHURW5W6YP2DV67IQFP/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB7BXJKFALXHURED3OMJIQ4KEDGZOOWL/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGKXK6TK27URC76FTX46Z6OLTKYIQK7E/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:57.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/issues/3651" }, { "name": "FEDORA-2022-a66124e04f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFL5KMLTSWOHTDHURW5W6YP2DV67IQFP/" }, { "name": "FEDORA-2022-44f5e9e219", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB7BXJKFALXHURED3OMJIQ4KEDGZOOWL/" }, { "name": "FEDORA-2022-59f0ad964c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGKXK6TK27URC76FTX46Z6OLTKYIQK7E/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-22T03:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/splitbrain/dokuwiki/issues/3651" }, { "name": "FEDORA-2022-a66124e04f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFL5KMLTSWOHTDHURW5W6YP2DV67IQFP/" }, { "name": "FEDORA-2022-44f5e9e219", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB7BXJKFALXHURED3OMJIQ4KEDGZOOWL/" }, { "name": "FEDORA-2022-59f0ad964c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGKXK6TK27URC76FTX46Z6OLTKYIQK7E/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28919", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/splitbrain/dokuwiki/issues/3651", "refsource": "MISC", "url": "https://github.com/splitbrain/dokuwiki/issues/3651" }, { "name": "FEDORA-2022-a66124e04f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFL5KMLTSWOHTDHURW5W6YP2DV67IQFP/" }, { "name": "FEDORA-2022-44f5e9e219", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DB7BXJKFALXHURED3OMJIQ4KEDGZOOWL/" }, { "name": "FEDORA-2022-59f0ad964c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGKXK6TK27URC76FTX46Z6OLTKYIQK7E/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28919", "datePublished": "2022-05-12T15:43:08", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:57.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34408
Vulnerability from cvelistv5
Published
2023-06-05 00:00
Modified
2025-01-08 19:37
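Severity 5.4 (MEDIUM), CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, as scored in the record's CISA ADP container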
Summary
DokuWiki before 2023-04-04a allows XSS via RSS titles.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:10:07.009Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/dokuwiki/dokuwiki/pull/3967" }, { "tags": [ "x_transferred" ], "url": "https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de" }, { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/dokuwiki/dokuwiki/compare/release-2023-04-04...release-2023-04-04a" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-34408", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-08T19:37:45.679411Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-08T19:37:53.561Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "DokuWiki before 2023-04-04a allows XSS via RSS titles." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-05T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/dokuwiki/dokuwiki/pull/3967" }, { "url": "https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de" }, { "url": "https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/" }, { "url": "https://github.com/dokuwiki/dokuwiki/compare/release-2023-04-04...release-2023-04-04a" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-34408", "datePublished": "2023-06-05T00:00:00", "dateReserved": "2023-06-05T00:00:00", "dateUpdated": "2025-01-08T19:37:53.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0287
Vulnerability from cvelistv5
Published
2010-02-15 18:00
Modified
2024-08-07 00:45
Summary
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
References
▼ | URL | Tags |
---|---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html | vendor-advisory, x_refsource_FEDORA | |
http://secunia.com/advisories/38183 | third-party-advisory, x_refsource_SECUNIA | |
http://security.gentoo.org/glsa/glsa-201301-07.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.vupen.com/english/advisories/2010/0150 | vdb-entry, x_refsource_VUPEN | |
http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security | x_refsource_CONFIRM | |
http://www.debian.org/security/2010/dsa-1976 | vendor-advisory, x_refsource_DEBIAN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/55660 | vdb-entry, x_refsource_XF | |
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/37821 | vdb-entry, x_refsource_BID | |
http://bugs.splitbrain.org/index.php?do=details&task_id=1847 | x_refsource_CONFIRM | |
http://www.exploit-db.com/exploits/11141 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:45:11.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2010-0770", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "name": "38183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38183" }, { "name": "GLSA-201301-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "name": "ADV-2010-0150", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0150" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" }, { "name": "DSA-1976", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-1976" }, { "name": "dokuwiki-ajax-dir-traversal(55660)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55660" }, { "name": "FEDORA-2010-0800", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "name": "37821", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37821" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1847" }, { "name": "11141", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/11141" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { 
"status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2010-0770", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "name": "38183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38183" }, { "name": "GLSA-201301-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "name": "ADV-2010-0150", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0150" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" }, { "name": "DSA-1976", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-1976" }, { "name": "dokuwiki-ajax-dir-traversal(55660)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55660" }, { "name": "FEDORA-2010-0800", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "name": "37821", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37821" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1847" }, { "name": "11141", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/11141" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0287", "datePublished": "2010-02-15T18:00:00", "dateReserved": "2010-01-12T00:00:00", "dateUpdated": "2024-08-07T00:45:11.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3354
Vulnerability from cvelistv5
Published
2012-11-20 00:00
Modified
2024-08-06 20:05
Summary
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/06/25/2 | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=835145 | x_refsource_MISC | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:073 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.openwall.com/lists/oss-security/2012/06/24/2 | mailing-list, x_refsource_MLIST | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html | vendor-advisory, x_refsource_FEDORA | |
http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:11.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120624 Re: CVE request: Full path disclosure in DokuWiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/25/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=835145" }, { "name": "MDVSA-2013:073", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:073" }, { "name": "[oss-security] 20120624 CVE request: Full path disclosure in DokuWiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/24/2" }, { "name": "FEDORA-2012-16550", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html" }, { "name": "FEDORA-2012-16605", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html" }, { "name": "FEDORA-2012-16614", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-06-24T00:00:00", "descriptions": [ { "lang": "en", "value": "doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to 
obtain sensitive information via the prefix parameter, which reveals the installation path in an error message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-10T15:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120624 Re: CVE request: Full path disclosure in DokuWiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/25/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=835145" }, { "name": "MDVSA-2013:073", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:073" }, { "name": "[oss-security] 20120624 CVE request: Full path disclosure in DokuWiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/06/24/2" }, { "name": "FEDORA-2012-16550", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html" }, { "name": "FEDORA-2012-16605", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html" }, { "name": "FEDORA-2012-16614", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3354", "datePublished": "2012-11-20T00:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:11.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2018-15474
Vulnerability from cvelistv5
Published
2018-09-07 22:00
Modified
2024-08-05 09:54
Severity ?
EPSS score ?
Summary
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki." The CVE record is tagged as disputed.
References
▼ | URL | Tags |
---|---|---|
https://github.com/splitbrain/dokuwiki/issues/2450 | x_refsource_CONFIRM | |
https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/ | x_refsource_MISC | |
https://seclists.org/fulldisclosure/2018/Sep/4 | mailing-list, x_refsource_FULLDISC | |
https://www.patreon.com/posts/unfixed-security-21250652 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:54:03.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2450" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/" }, { "name": "20180906 SEC Consult SA-20180906-0 :: CSV Formula Injection in DokuWiki", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "https://seclists.org/fulldisclosure/2018/Sep/4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.patreon.com/posts/unfixed-security-21250652" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated \"this is not a security problem in DokuWiki." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-24T21:57:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2450" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/" }, { "name": "20180906 SEC Consult SA-20180906-0 :: CSV Formula Injection in DokuWiki", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "https://seclists.org/fulldisclosure/2018/Sep/4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.patreon.com/posts/unfixed-security-21250652" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15474", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. 
NOTE: the vendor has stated \"this is not a security problem in DokuWiki.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/splitbrain/dokuwiki/issues/2450", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/issues/2450" }, { "name": "https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/", "refsource": "MISC", "url": "https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/" }, { "name": "20180906 SEC Consult SA-20180906-0 :: CSV Formula Injection in DokuWiki", "refsource": "FULLDISC", "url": "https://seclists.org/fulldisclosure/2018/Sep/4" }, { "name": "https://www.patreon.com/posts/unfixed-security-21250652", "refsource": "MISC", "url": "https://www.patreon.com/posts/unfixed-security-21250652" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-15474", "datePublished": "2018-09-07T22:00:00", "dateReserved": "2018-08-17T00:00:00", "dateUpdated": "2024-08-05T09:54:03.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0289
Vulnerability from cvelistv5
Published
2010-02-15 18:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.
References
▼ | URL | Tags |
---|---|---|
http://bugs.splitbrain.org/index.php?do=details&task_id=1853 | x_refsource_CONFIRM | |
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html | vendor-advisory, x_refsource_FEDORA | |
http://security.gentoo.org/glsa/glsa-201301-07.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security | x_refsource_CONFIRM | |
http://freshmeat.net/projects/dokuwiki/tags/security-fix | x_refsource_CONFIRM | |
http://www.debian.org/security/2010/dsa-1976 | vendor-advisory, x_refsource_DEBIAN | |
http://osvdb.org/61708 | vdb-entry, x_refsource_OSVDB | |
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html | vendor-advisory, x_refsource_FEDORA | |
http://secunia.com/advisories/38205 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:45:11.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1853" }, { "name": "FEDORA-2010-0770", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "name": "GLSA-201301-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://freshmeat.net/projects/dokuwiki/tags/security-fix" }, { "name": "DSA-1976", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-1976" }, { "name": "61708", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/61708" }, { "name": "FEDORA-2010-0800", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "name": "38205", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38205" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that 
modify access control rules, and other unspecified requests, via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-03-02T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1853" }, { "name": "FEDORA-2010-0770", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "name": "GLSA-201301-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://freshmeat.net/projects/dokuwiki/tags/security-fix" }, { "name": "DSA-1976", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-1976" }, { "name": "61708", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/61708" }, { "name": "FEDORA-2010-0800", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "name": "38205", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38205" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0289", "datePublished": "2010-02-15T18:00:00", "dateReserved": "2010-01-12T00:00:00", "dateUpdated": "2024-08-07T00:45:11.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8762
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 13:26
Severity ?
EPSS score ?
Summary
The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/61983 | third-party-advisory, x_refsource_SECUNIA | |
http://advisories.mageia.org/MGASA-2014-0438.html | x_refsource_CONFIRM | |
https://github.com/splitbrain/dokuwiki/issues/765 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/70404 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2014/10/13/3 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2014/10/16/9 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2014/dsa-3059 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:26:02.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/issues/765" }, { "name": "70404", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70404" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3059" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-01T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/issues/765" }, { "name": "70404", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70404" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3059" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8762", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "61983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61983" }, { "name": "http://advisories.mageia.org/MGASA-2014-0438.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "https://github.com/splitbrain/dokuwiki/issues/765", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/issues/765" }, { "name": "70404", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70404" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3059" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8762", "datePublished": "2014-10-22T14:00:00", "dateReserved": "2014-10-13T00:00:00", "dateUpdated": "2024-08-06T13:26:02.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12583
Vulnerability from cvelistv5
Published
2017-08-06 03:00
Modified
2024-09-17 00:30
Severity ?
EPSS score ?
Summary
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
References
▼ | URL | Tags |
---|---|---|
https://github.com/splitbrain/dokuwiki/issues/2061 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2061" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-06T03:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2061" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12583", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/splitbrain/dokuwiki/issues/2061", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/issues/2061" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12583", "datePublished": "2017-08-06T03:00:00Z", "dateReserved": "2017-08-05T00:00:00Z", "dateUpdated": "2024-09-17T00:30:49.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8761
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 13:26
Severity ?
EPSS score ?
Summary
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/61983 | third-party-advisory, x_refsource_SECUNIA | |
http://advisories.mageia.org/MGASA-2014-0438.html | x_refsource_CONFIRM | |
https://github.com/splitbrain/dokuwiki/issues/765 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2014/10/13/3 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2014/10/16/9 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2014/dsa-3059 | vendor-advisory, x_refsource_DEBIAN | |
https://bugs.dokuwiki.org/index.php?do=details&task_id=2647#comment6204 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:26:02.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/issues/765" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3059" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.dokuwiki.org/index.php?do=details\u0026task_id=2647#comment6204" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-24T00:00:00", "descriptions": [ { "lang": "en", "value": "inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-01T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/issues/765" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3059" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.dokuwiki.org/index.php?do=details\u0026task_id=2647#comment6204" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "61983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61983" }, { "name": "http://advisories.mageia.org/MGASA-2014-0438.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "https://github.com/splitbrain/dokuwiki/issues/765", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/issues/765" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "name": "https://bugs.dokuwiki.org/index.php?do=details\u0026task_id=2647#comment6204", "refsource": "MISC", "url": "https://bugs.dokuwiki.org/index.php?do=details\u0026task_id=2647#comment6204" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8761", "datePublished": "2014-10-22T14:00:00", "dateReserved": "2014-10-13T00:00:00", "dateUpdated": "2024-08-06T13:26:02.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12980
Vulnerability from cvelistv5
Published
2017-08-21 07:00
Modified
2024-08-05 18:51
Severity ?
EPSS score ?
Summary
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element.
References
▼ | URL | Tags |
---|---|---|
https://github.com/splitbrain/dokuwiki/issues/2081 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:07.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-08-21T00:00:00", "descriptions": [ { "lang": "en", "value": "DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-21T06:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2081" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12980", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. 
The JavaScript can be in an author field, as demonstrated by the dc:creator element." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/splitbrain/dokuwiki/issues/2081", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/issues/2081" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12980", "datePublished": "2017-08-21T07:00:00", "dateReserved": "2017-08-21T00:00:00", "dateUpdated": "2024-08-05T18:51:07.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3123
Vulnerability from cvelistv5
Published
2022-09-05 10:10
Modified
2024-08-03 01:00
Severity 5.4 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
EPSS score ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345 | x_refsource_CONFIRM | |
https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLNV7GYZPGLIKBLISVQUREQXE3WHI5R2/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIWZXLDU7SUS2FANXQRCHJY3F3SWT27E/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQTVHRBEVMSKQESNFLU7MAUAB3R3PG2/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
splitbrain | splitbrain/dokuwiki | Version: unspecified < 2022-07-31a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6" }, { "name": "FEDORA-2022-fd641dbf35", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLNV7GYZPGLIKBLISVQUREQXE3WHI5R2/" }, { "name": "FEDORA-2022-d048c0dde2", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIWZXLDU7SUS2FANXQRCHJY3F3SWT27E/" }, { "name": "FEDORA-2022-8c76e587f7", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQTVHRBEVMSKQESNFLU7MAUAB3R3PG2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "splitbrain/dokuwiki", "vendor": "splitbrain", "versions": [ { "lessThan": "2022-07-31a", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-24T02:06:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6" }, { "name": "FEDORA-2022-fd641dbf35", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLNV7GYZPGLIKBLISVQUREQXE3WHI5R2/" }, { "name": "FEDORA-2022-d048c0dde2", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIWZXLDU7SUS2FANXQRCHJY3F3SWT27E/" }, { "name": "FEDORA-2022-8c76e587f7", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQTVHRBEVMSKQESNFLU7MAUAB3R3PG2/" } ], "source": { "advisory": "d72a979b-57db-4201-9500-66b49a5c1345", "discovery": "EXTERNAL" }, "title": "Cross-site Scripting (XSS) - Reflected in splitbrain/dokuwiki", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-3123", "STATE": "PUBLIC", "TITLE": 
"Cross-site Scripting (XSS) - Reflected in splitbrain/dokuwiki" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "splitbrain/dokuwiki", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2022-07-31a" } ] } } ] }, "vendor_name": "splitbrain" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345" }, { "name": "https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6", "refsource": "MISC", "url": "https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6" }, { "name": "FEDORA-2022-fd641dbf35", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LLNV7GYZPGLIKBLISVQUREQXE3WHI5R2/" }, { "name": "FEDORA-2022-d048c0dde2", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XIWZXLDU7SUS2FANXQRCHJY3F3SWT27E/" }, { "name": 
"FEDORA-2022-8c76e587f7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZQTVHRBEVMSKQESNFLU7MAUAB3R3PG2/" } ] }, "source": { "advisory": "d72a979b-57db-4201-9500-66b49a5c1345", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3123", "datePublished": "2022-09-05T10:10:09", "dateReserved": "2022-09-05T00:00:00", "dateUpdated": "2024-08-03T01:00:10.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1960
Vulnerability from cvelistv5
Published
2009-06-06 18:00
Modified
2024-08-07 05:36
Summary
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.
References
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/8812 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/35095 | vdb-entry, x_refsource_BID |
| http://bugs.splitbrain.org/index.php?do=details&task_id=1700 | x_refsource_CONFIRM |
| http://secunia.com/advisories/35218 | third-party-advisory, x_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/8781 | exploit, x_refsource_EXPLOIT-DB |
| http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:36:19.536Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "8812", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/8812" }, { "name": "35095", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35095" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1700" }, { "name": "35218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35218" }, { "name": "8781", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/8781" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "8812", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/8812" }, { "name": "35095", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35095" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1700" }, { "name": "35218", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35218" }, { "name": "8781", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/8781" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1960", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "8812", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8812" }, { "name": "35095", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35095" }, { "name": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1700", "refsource": "CONFIRM", "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1700" }, { "name": "35218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35218" }, { "name": "8781", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8781" }, { "name": "http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki;a=commitdiff;h=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz", "refsource": "CONFIRM", "url": "http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki;a=commitdiff;h=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1960", "datePublished": "2009-06-06T18:00:00", "dateReserved": "2009-06-06T00:00:00", "dateUpdated": "2024-08-07T05:36:19.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8763
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 13:26
Summary
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
References
| URL | Tags |
|---|---|
| http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/61983 | third-party-advisory, x_refsource_SECUNIA |
| http://advisories.mageia.org/MGASA-2014-0438.html | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2014/10/13/3 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2014/10/16/9 | mailing-list, x_refsource_MLIST |
| http://www.debian.org/security/2014/dsa-3059 | vendor-advisory, x_refsource_DEBIAN |
| https://github.com/splitbrain/dokuwiki/pull/868 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:26:02.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3059" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-01T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3059" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8763", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a 
password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "refsource": "MLIST", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61983" }, { "name": "http://advisories.mageia.org/MGASA-2014-0438.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "name": "https://github.com/splitbrain/dokuwiki/pull/868", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8763", "datePublished": "2014-10-22T14:00:00", "dateReserved": "2014-10-13T00:00:00", "dateUpdated": "2024-08-06T13:26:02.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2510
Vulnerability from cvelistv5
Published
2011-07-14 23:00
Modified
2024-08-06 23:00
Summary
Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:00:34.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48364", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48364" }, { "name": "FEDORA-2011-8816", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062389.html" }, { "name": "dokuwiki-rss-xss(68122)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68122" }, { "name": "45009", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45009" }, { "name": "GLSA-201301-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.dokuwiki.org/changes" }, { "name": "[oss-security] 20110629 Re: CVE Request -- DokuWiki -- XSS in DokuWiki\u0027s RSS embedding mechanism", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/29/13" }, { "name": "FEDORA-2011-8831", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062380.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717146" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-366/CERTA-2011-AVI-366.html" }, { "name": "DSA-2320", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2320" }, { "name": "[dokuwiki] 20110614 Hotfix Release \"2011-05-25a Rincewind\"", 
"tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind" }, { "name": "[oss-security] 20110628 CVE Request -- DokuWiki -- XSS in DokuWiki\u0027s RSS embedding mechanism", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818" }, { "name": "45190", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/45190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48364", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48364" }, { "name": "FEDORA-2011-8816", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062389.html" }, { "name": "dokuwiki-rss-xss(68122)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68122" }, { "name": "45009", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45009" }, { "name": "GLSA-201301-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.dokuwiki.org/changes" }, { "name": "[oss-security] 20110629 Re: CVE Request -- DokuWiki -- XSS in DokuWiki\u0027s RSS embedding mechanism", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/29/13" }, { "name": "FEDORA-2011-8831", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062380.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717146" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-366/CERTA-2011-AVI-366.html" }, { "name": "DSA-2320", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2320" }, { "name": "[dokuwiki] 20110614 Hotfix Release \"2011-05-25a Rincewind\"", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind" }, { "name": "[oss-security] 20110628 CVE Request -- DokuWiki -- XSS in DokuWiki\u0027s RSS embedding mechanism", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818" }, { "name": "45190", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/45190" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2510", "datePublished": "2011-07-14T23:00:00", "dateReserved": "2011-06-15T00:00:00", "dateUpdated": "2024-08-06T23:00:34.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-2172
Vulnerability from cvelistv5
Published
2015-03-30 14:00
Modified
2024-08-06 05:10
Summary
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.
References
| URL | Tags |
|---|---|
| https://github.com/splitbrain/dokuwiki/issues/1056 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153266.html | vendor-advisory, x_refsource_FEDORA |
| https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f | x_refsource_CONFIRM |
| https://www.dokuwiki.org/changes | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/72827 | vdb-entry, x_refsource_BID |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153062.html | vendor-advisory, x_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152994.html | vendor-advisory, x_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2015/03/02/2 | mailing-list, x_refsource_MLIST |
| http://advisories.mageia.org/MGASA-2015-0093.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:10:14.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1056" }, { "name": "FEDORA-2015-3079", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153266.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.dokuwiki.org/changes" }, { "name": "72827", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/72827" }, { "name": "FEDORA-2015-3186", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153062.html" }, { "name": "FEDORA-2015-3211", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152994.html" }, { "name": "[oss-security] 20150301 Re: CVE request: DokuWiki privilege escalation in RPC API", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/03/02/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2015-0093.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users 
to gain privileges and add or delete ACL rules via a request to the XMLRPC API." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1056" }, { "name": "FEDORA-2015-3079", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153266.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.dokuwiki.org/changes" }, { "name": "72827", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/72827" }, { "name": "FEDORA-2015-3186", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153062.html" }, { "name": "FEDORA-2015-3211", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152994.html" }, { "name": "[oss-security] 20150301 Re: CVE request: DokuWiki privilege escalation in RPC API", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/03/02/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2015-0093.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2172", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/splitbrain/dokuwiki/issues/1056", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/issues/1056" }, { "name": "FEDORA-2015-3079", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153266.html" }, { "name": "https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f" }, { "name": "https://www.dokuwiki.org/changes", "refsource": "CONFIRM", "url": "https://www.dokuwiki.org/changes" }, { "name": "72827", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72827" }, { "name": "FEDORA-2015-3186", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153062.html" }, { "name": "FEDORA-2015-3211", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152994.html" }, { "name": "[oss-security] 20150301 Re: CVE request: DokuWiki privilege escalation in RPC API", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/03/02/2" }, { "name": "http://advisories.mageia.org/MGASA-2015-0093.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0093.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-2172", "datePublished": "2015-03-30T14:00:00", "dateReserved": 
"2015-03-01T00:00:00", "dateUpdated": "2024-08-06T05:10:14.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8764
Vulnerability from cvelistv5
Published
2014-10-22 14:00
Modified
2024-08-06 13:26
Summary
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
References
| URL | Tags |
|---|---|
| http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/61983 | third-party-advisory, x_refsource_SECUNIA |
| http://advisories.mageia.org/MGASA-2014-0438.html | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2014/10/13/3 | mailing-list, x_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2014/10/16/9 | mailing-list, x_refsource_MLIST |
| http://www.debian.org/security/2014/dsa-3059 | vendor-advisory, x_refsource_DEBIAN |
| https://github.com/splitbrain/dokuwiki/pull/868 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:26:02.463Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3059" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-01T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61983" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3059" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8764", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication 
via a user name and password starting with a null (\\0) character, which triggers an anonymous bind." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "refsource": "MLIST", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "name": "61983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61983" }, { "name": "http://advisories.mageia.org/MGASA-2014-0438.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "name": "DSA-3059", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "name": "https://github.com/splitbrain/dokuwiki/pull/868", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8764", "datePublished": "2014-10-22T14:00:00", "dateReserved": "2014-10-13T00:00:00", "dateUpdated": "2024-08-06T13:26:02.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0288
Vulnerability from cvelistv5
Published
2010-02-15 18:00
Modified
2024-08-07 00:45
Summary
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/55661 | vdb-entry, x_refsource_XF | |
http://osvdb.org/61710 | vdb-entry, x_refsource_OSVDB | |
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html | vendor-advisory, x_refsource_FEDORA | |
http://secunia.com/advisories/38183 | third-party-advisory, x_refsource_SECUNIA | |
http://security.gentoo.org/glsa/glsa-201301-07.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.vupen.com/english/advisories/2010/0150 | vdb-entry, x_refsource_VUPEN | |
http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security | x_refsource_CONFIRM | |
http://www.debian.org/security/2010/dsa-1976 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/37820 | vdb-entry, x_refsource_BID | |
http://bugs.splitbrain.org/index.php?do=details&task_id=1847 | x_refsource_CONFIRM | |
http://www.exploit-db.com/exploits/11141 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:45:11.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "dokuwiki-ajax-security-bypass(55661)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55661" }, { "name": "61710", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/61710" }, { "name": "FEDORA-2010-0770", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "name": "38183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38183" }, { "name": "GLSA-201301-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "name": "ADV-2010-0150", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0150" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" }, { "name": "DSA-1976", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-1976" }, { "name": "FEDORA-2010-0800", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "name": "37820", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37820" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1847" }, { "name": "11141", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/11141" 
} ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "dokuwiki-ajax-security-bypass(55661)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55661" }, { "name": "61710", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/61710" }, { "name": "FEDORA-2010-0770", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "name": "38183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38183" }, { "name": "GLSA-201301-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "name": "ADV-2010-0150", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0150" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" }, { "name": "DSA-1976", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-1976" }, { "name": "FEDORA-2010-0800", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "name": "37820", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37820" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1847" }, { "name": "11141", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/11141" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0288", "datePublished": "2010-02-15T18:00:00", "dateReserved": "2010-01-12T00:00:00", "dateUpdated": "2024-08-07T00:45:11.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7964
Vulnerability from cvelistv5
Published
2016-10-31 10:00
Modified
2024-08-06 02:13
Summary
The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/94245 | vdb-entry, x_refsource_BID | |
https://github.com/splitbrain/dokuwiki/issues/1708 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:13:21.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "94245", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94245" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1708" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "94245", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94245" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1708" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7964", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a 
and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "94245", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94245" }, { "name": "https://github.com/splitbrain/dokuwiki/issues/1708", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/issues/1708" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7964", "datePublished": "2016-10-31T10:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:13:21.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18123
Vulnerability from cvelistv5
Published
2018-02-03 03:00
Modified
2024-08-05 21:13
Summary
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
References
▼ | URL | Tags |
---|---|---|
https://github.com/splitbrain/dokuwiki/pull/2019 | x_refsource_MISC | |
https://vulnhive.com/2018/000004 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html | mailing-list, x_refsource_MLIST | |
https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86 | x_refsource_MISC | |
https://hackerone.com/reports/238316 | x_refsource_MISC | |
https://github.com/splitbrain/dokuwiki/issues/2029 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:13:48.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/pull/2019" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vulnhive.com/2018/000004" }, { "name": "[debian-lts-announce] 20180204 [SECURITY] [DLA 1269-1] dokuwiki security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html" }, { "name": "[debian-lts-announce] 20180705 [SECURITY] [DLA 1413-1] dokuwiki security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/238316" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2029" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-06T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/splitbrain/dokuwiki/pull/2019" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vulnhive.com/2018/000004" }, { "name": "[debian-lts-announce] 20180204 [SECURITY] [DLA 1269-1] dokuwiki security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html" }, { "name": "[debian-lts-announce] 20180705 [SECURITY] [DLA 1413-1] dokuwiki security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86" }, { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/238316" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2029" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18123", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/splitbrain/dokuwiki/pull/2019", "refsource": "MISC", "url": "https://github.com/splitbrain/dokuwiki/pull/2019" }, { "name": "https://vulnhive.com/2018/000004", "refsource": "MISC", "url": "https://vulnhive.com/2018/000004" }, { "name": "[debian-lts-announce] 20180204 [SECURITY] [DLA 1269-1] dokuwiki security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html" }, { "name": "[debian-lts-announce] 20180705 [SECURITY] [DLA 1413-1] dokuwiki security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html" }, { "name": "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86", "refsource": "MISC", "url": "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86" }, { "name": "https://hackerone.com/reports/238316", "refsource": "MISC", "url": "https://hackerone.com/reports/238316" }, { "name": "https://github.com/splitbrain/dokuwiki/issues/2029", "refsource": "MISC", "url": "https://github.com/splitbrain/dokuwiki/issues/2029" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18123", "datePublished": "2018-02-03T03:00:00", "dateReserved": "2018-02-02T00:00:00", "dateUpdated": "2024-08-05T21:13:48.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3727
Vulnerability from cvelistv5
Published
2011-09-23 23:00
Modified
2024-08-06 23:46
Summary
DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files.
References
▼ | URL | Tags |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDVSA-2013:073 | vendor-advisory, x_refsource_MANDRIVA | |
http://security.gentoo.org/glsa/glsa-201301-07.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-list, x_refsource_MLIST | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/56328 | vdb-entry, x_refsource_BID | |
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dokuwiki-2009-12-25c | x_refsource_MISC | |
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README | x_refsource_MISC | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html | vendor-advisory, x_refsource_FEDORA | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:46:02.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2013:073", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:073" }, { "name": "GLSA-201301-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "name": "FEDORA-2012-16550", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html" }, { "name": "56328", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56328" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dokuwiki-2009-12-25c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "name": "FEDORA-2012-16605", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html" }, { "name": "FEDORA-2012-16614", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-06-27T00:00:00", "descriptions": [ { "lang": 
"en", "value": "DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-10T15:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDVSA-2013:073", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:073" }, { "name": "GLSA-201301-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "name": "FEDORA-2012-16550", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html" }, { "name": "56328", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56328" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dokuwiki-2009-12-25c" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "name": "FEDORA-2012-16605", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html" }, { "name": "FEDORA-2012-16614", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"cve@mitre.org", "ID": "CVE-2011-3727", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDVSA-2013:073", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:073" }, { "name": "GLSA-201301-07", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "name": "FEDORA-2012-16550", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html" }, { "name": "56328", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56328" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dokuwiki-2009-12-25c", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dokuwiki-2009-12-25c" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "name": "FEDORA-2012-16605", "refsource": "FEDORA", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html" }, { "name": "FEDORA-2012-16614", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3727", "datePublished": "2011-09-23T23:00:00", "dateReserved": "2011-09-23T00:00:00", "dateUpdated": "2024-08-06T23:46:02.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3727
Vulnerability from fkie_nvd
Published
2011-09-23 23:55
Modified
2024-11-21 01:31
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, source nvd@nist.gov)
Summary
DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2009-12-25c:*:*:*:*:*:*:*", "matchCriteriaId": "ED3FF52A-EDE9-468E-BADA-659F90049264", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files." }, { "lang": "es", "value": "DokuWiki v2009-12-25c permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con lib/tpl/index.php y algunos otros archivos." } ], "id": "CVE-2011-3727", "lastModified": "2024-11-21T01:31:05.713", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-09-23T23:55:03.037", "references": [ { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dokuwiki-2009-12-25c" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html" }, { "source": "cve@mitre.org", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:073" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/56328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dokuwiki-2009-12-25c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56328" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2014-8762
Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2024-11-21 02:19
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, source nvd@nist.gov)
Summary
The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C134F2A-492D-4379-8471-DAD6569D7FF9", "versionEndIncluding": "2013-12-08", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter." }, { "lang": "es", "value": "La funci\u00f3n ajax_mediadiff en DokuWiki anterior a 2014-05-05a permite a atacantes remotos acceder a im\u00e1genes arbitrarias a trav\u00e9s de un espacio de nombre manipulado en el par\u00e1metro ns." } ], "id": "CVE-2014-8762", "lastModified": "2024-11-21T02:19:43.713", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-22T14:55:08.293", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61983" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/70404" }, { 
"source": "secalert@redhat.com", "url": "https://github.com/splitbrain/dokuwiki/issues/765" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70404" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/splitbrain/dokuwiki/issues/765" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-10-31 10:59
Modified
2024-11-21 02:58
Severity ?
Summary
The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/94245 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/splitbrain/dokuwiki/issues/1708 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94245 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/splitbrain/dokuwiki/issues/1708 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2016-06-26a:*:*:*:*:*:*:*", "matchCriteriaId": "CC25437F-4B76-4A28-83B2-33569BA01FEA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16." }, { "lang": "es", "value": "El m\u00e9todo sendRequest en HTTPClient Class en el archivo /inc/HTTPClient.php en DokuWiki 2016-06-26a y versiones m\u00e1s antiguas, cuando se habilita la b\u00fasqueda por archivo multimedia, no tiene manera de restringir el acceso a redes privadas. Esto permite a usuarios escanear puertos de redes internas a trav\u00e9s de SSRF, tales como 10.0.0.1/8, 172.16.0.0/12 y 192.168.0.0/16." 
} ], "id": "CVE-2016-7964", "lastModified": "2024-11-21T02:58:47.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-10-31T10:59:00.177", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94245" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94245" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1708" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2024-11-21 02:19
Severity ?
Summary
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C134F2A-492D-4379-8471-DAD6569D7FF9", "versionEndIncluding": "2013-12-08", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call." }, { "lang": "es", "value": "inc/template.php en DokuWiki anterior a 2014-05-05a solamente comprueba para el acceso al espacio de nombre root, lo que permite a atacantes remotos acceder a im\u00e1genes arbitrarias a trav\u00e9s de una llamada ajax para detalles de ficheros de los medios." } ], "id": "CVE-2014-8761", "lastModified": "2024-11-21T02:19:43.597", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-22T14:55:08.247", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61983" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { 
"source": "secalert@redhat.com", "url": "https://bugs.dokuwiki.org/index.php?do=details\u0026task_id=2647#comment6204" }, { "source": "secalert@redhat.com", "url": "https://github.com/splitbrain/dokuwiki/issues/765" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.dokuwiki.org/index.php?do=details\u0026task_id=2647#comment6204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/splitbrain/dokuwiki/issues/765" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2024-11-21 02:19
Severity ?
Summary
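DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind. Note that the CPE match in the record below ends at 2013-12-08 (versionEndIncluding), which is narrower than the range stated here; version matching by CPE alone may therefore miss affected releases after 2013-12-08 up to 2014-05-05a.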
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mageia_project | mageia | 3.0 | |
mageia_project | mageia | 4.0 | |
dokuwiki | dokuwiki | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBED7B92-A9D9-4B2A-A2A5-BD63C2214721", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7D2FA5A-6EC3-490B-A6A5-C498C889E30D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C134F2A-492D-4379-8471-DAD6569D7FF9", "versionEndIncluding": "2013-12-08", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind." }, { "lang": "es", "value": "DokuWiki 2014-05-05a y anteriores, cuando utiliza Active Directory para la autenticaci\u00f3n LDAP, permite a atacantes remotos evadir la autenticaci\u00f3n a trav\u00e9s de un nombre de usuario y una contrase\u00f1a que empiece por un caracter nulo (\\0), lo que provoca un bind an\u00f3nimo." 
} ], "id": "CVE-2014-8764", "lastModified": "2024-11-21T02:19:43.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-22T14:55:08.420", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61983" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "secalert@redhat.com", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "source": "secalert@redhat.com", "url": "https://github.com/splitbrain/dokuwiki/pull/868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-21 07:29
Modified
2024-11-21 03:10
Severity ?
Summary
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/splitbrain/dokuwiki/issues/2081 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/splitbrain/dokuwiki/issues/2081 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4A4E51B-009F-4D4F-8DE4-EF96F2D1953F", "versionEndIncluding": "2017-02-19c", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element." }, { "lang": "es", "value": "DokuWiki en su versi\u00f3n 2017-02-19c tiene XSS almacenado cuando presenta un canal RSS o Atom malicioso, en /inc/parser/xhtml.php. Un atacante puede crear o editar una wiki que emplee datos RSS o Atom desde un servidor controlado por el atacante para desencadenar la ejecuci\u00f3n de JavaScript. JavaScript puede estar presente en un campo de autor, tal y como demuestra el elemento dc:creator." 
} ], "id": "CVE-2017-12980", "lastModified": "2024-11-21T03:10:34.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-21T07:29:00.313", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2081" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-10-31 10:59
Modified
2024-11-21 02:58
Severity ?
Summary
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BF04E7C-9B66-45A2-836D-6BFD8C95241F", "versionEndIncluding": "2016-06-26a", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL\u0027s hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server)." }, { "lang": "es", "value": "DokuWiki 2016-06-26a y versiones m\u00e1s antiguas utiliza $_SERVER[HTTP_HOST] en lugar del ajuste baseurl como parte de la URL de restablecimiento de contrase\u00f1a. Esto puede llevar a ataques phishing. (Un atacante remoto no autenticado puede cambiar el nombre del host de la URL a trav\u00e9s de la cabecera HTTP del Host). La vulnerabilidad puede ser desencadenada s\u00f3lo si la cabecera del Host no es parte del proceso de enrutamiento del servidor web (por ejemplo, si varios dominios son servidos por el mismo servidor web)." 
} ], "id": "CVE-2016-7965", "lastModified": "2024-11-21T02:58:47.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-10-31T10:59:01.847", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/94237" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1709" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/94237" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1709" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-22 14:55
Modified
2024-11-21 02:19
Severity ?
Summary
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dokuwiki | dokuwiki | * | |
mageia_project | mageia | 3.0 | |
mageia_project | mageia | 4.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA33BE6C-F00C-4A78-9136-EBBF9643B4F2", "versionEndIncluding": "2014-05-05a", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia_project:mageia:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBED7B92-A9D9-4B2A-A2A5-BD63C2214721", "vulnerable": true }, { "criteria": "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7D2FA5A-6EC3-490B-A6A5-C498C889E30D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind." }, { "lang": "es", "value": "DokuWiki anterior a 2014-05-05b, cuando utiliza Active Directory para la autenticaci\u00f3n LDAP, permite a atacantes remotos evadir la autenticaci\u00f3n a trav\u00e9s de una contrase\u00f1a que empiece por un caracter nulo (\\0) y un nombre de usuario v\u00e1lido, lo que provoca un bind no autenticado." 
} ], "id": "CVE-2014-8763", "lastModified": "2024-11-21T02:19:43.840", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-22T14:55:08.373", "references": [ { "source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61983" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "secalert@redhat.com", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "source": "secalert@redhat.com", "url": "https://github.com/splitbrain/dokuwiki/pull/868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0438.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.openwall.com/lists/oss-security/2014/10/13/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/splitbrain/dokuwiki/pull/868" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-17 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6EB83DF-FD95-4DE1-B386-3C485BE4D7C5", "versionEndIncluding": "2014-05-05c", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F805A106-9A6F-48E7-8582-D3C5A26DFC11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php." }, { "lang": "es", "value": "La configuraci\u00f3n de la lista blanca del tipo de ficheros por defecto en conf/mime.conf en Media Manager en DokuWiki anterior a 2014-09-29b permite a atacantes remotos ejecutar secuencias de comandos web o HTML arbitrarios mediante la subida de un fuchero SWF, posteriormente el acceso a ello a trav\u00e9s del par\u00e1metro media en lib/exe/fetch.php." 
} ], "id": "CVE-2014-9253", "lastModified": "2024-11-21T02:20:29.263", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-12-17T18:59:02.533", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0540.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://seclists.org/oss-sec/2014/q4/1050" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.szurek.pl/dokuwiki-20140929a-xss.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable" ], "url": "http://www.securityfocus.com/bid/71671" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1031369" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99291" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://www.dokuwiki.org/changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0540.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://seclists.org/oss-sec/2014/q4/1050" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.szurek.pl/dokuwiki-20140929a-xss.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable" ], "url": "http://www.securityfocus.com/bid/71671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1031369" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://www.dokuwiki.org/changes" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-09-07 22:29
Modified
2024-11-21 03:50
Severity ?
Summary
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki." The record below carries the "disputed" tag.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/splitbrain/dokuwiki/issues/2450 | Exploit, Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://seclists.org/fulldisclosure/2018/Sep/4 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.patreon.com/posts/unfixed-security-21250652 | ||
cve@mitre.org | https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/splitbrain/dokuwiki/issues/2450 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Sep/4 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.patreon.com/posts/unfixed-security-21250652 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/ | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "64171BC6-19EC-480E-A059-3CE1DD9D9154", "versionEndIncluding": "2018-04-22a", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated \"this is not a security problem in DokuWiki." }, { "lang": "es", "value": "** EN DISPUTA ** Inyecci\u00f3n CSV (tambi\u00e9n conocida como Excel Macro Injection o Formula Injection) en /lib/plugins/usermanager/admin.php en DokuWiki 2018-04-22a y anteriores permite que atacantes remotos exfiltren datos sensibles y ejecuten c\u00f3digo arbitrario mediante un valor que se gestiona de manera incorrecta en una exportaci\u00f3n en CSV. NOTA: el fabricante ha indicado que \"esto no es un problema de seguridad en DokuWiki\"." 
} ], "id": "CVE-2018-15474", "lastModified": "2024-11-21T03:50:53.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-09-07T22:29:00.977", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2450" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Sep/4" }, { "source": "cve@mitre.org", "url": "https://www.patreon.com/posts/unfixed-security-21250652" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2450" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/fulldisclosure/2018/Sep/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.patreon.com/posts/unfixed-security-21250652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.sec-consult.com/en/blog/advisories/dokuwiki-csv-formula-injection-vulnerability/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-1236" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-20 00:55
Modified
2024-11-21 01:40
Severity ?
Summary
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dokuwiki | dokuwiki | - | |
fedoraproject | fedora | 16 | |
fedoraproject | fedora | 17 | |
fedoraproject | fedora | 18 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:-:*:*:*:*:*:*:*", "matchCriteriaId": "4FBAE4B4-559D-46BC-9795-5102A7AD9D6D", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message." }, { "lang": "es", "value": "doku.php en DokuWiki, utilizado en Fedora 16, 17 y 18, cuando ciertos niveles de error de PHP se establecen, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s del par\u00e1metro prefix, lo que revela la ruta de instalaci\u00f3n en un mensaje de error." 
} ], "id": "CVE-2012-3354", "lastModified": "2024-11-21T01:40:41.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-11-20T00:55:00.917", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html" }, { "source": "secalert@redhat.com", "url": "http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:073" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/24/2" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/06/25/2" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=835145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/24/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/06/25/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=835145" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-05 10:15
Modified
2024-11-21 07:18
Severity ?
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dokuwiki | dokuwiki | * | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
fedoraproject | fedora | 37 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A47115F-548F-4E0C-8155-73B897B7B028", "versionEndExcluding": "2022-07-31a", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Reflejado en el repositorio GitHub splitbrain/dokuwiki versiones anteriores a 2022-07-31a" } ], "id": "CVE-2022-3123", "lastModified": "2024-11-21T07:18:52.440", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": 
"REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-05T10:15:09.927", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345" }, { "source": "security@huntr.dev", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLNV7GYZPGLIKBLISVQUREQXE3WHI5R2/" }, { "source": "security@huntr.dev", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQTVHRBEVMSKQESNFLU7MAUAB3R3PG2/" }, { "source": "security@huntr.dev", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIWZXLDU7SUS2FANXQRCHJY3F3SWT27E/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLNV7GYZPGLIKBLISVQUREQXE3WHI5R2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZQTVHRBEVMSKQESNFLU7MAUAB3R3PG2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XIWZXLDU7SUS2FANXQRCHJY3F3SWT27E/" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@huntr.dev", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-15 18:30
Modified
2024-11-21 01:11
Severity ?
Summary
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dokuwiki | dokuwiki | * | |
dokuwiki | dokuwiki | 2004-07-04 | |
dokuwiki | dokuwiki | 2004-07-07 | |
dokuwiki | dokuwiki | 2004-07-12 | |
dokuwiki | dokuwiki | 2004-07-21 | |
dokuwiki | dokuwiki | 2004-07-25 | |
dokuwiki | dokuwiki | 2004-08-08 | |
dokuwiki | dokuwiki | 2004-08-15a | |
dokuwiki | dokuwiki | 2004-08-22 | |
dokuwiki | dokuwiki | 2004-09-12 | |
dokuwiki | dokuwiki | 2004-09-25 | |
dokuwiki | dokuwiki | 2004-09-30 | |
dokuwiki | dokuwiki | 2004-11-01 | |
dokuwiki | dokuwiki | 2004-11-02 | |
dokuwiki | dokuwiki | 2004-11-10 | |
dokuwiki | dokuwiki | 2005-01-14 | |
dokuwiki | dokuwiki | 2005-01-15 | |
dokuwiki | dokuwiki | 2005-01-16a | |
dokuwiki | dokuwiki | 2005-02-06 | |
dokuwiki | dokuwiki | 2005-02-18 | |
dokuwiki | dokuwiki | 2005-05-07 | |
dokuwiki | dokuwiki | 2005-07-01 | |
dokuwiki | dokuwiki | 2005-07-13 | |
dokuwiki | dokuwiki | 2005-09-19 | |
dokuwiki | dokuwiki | 2005-09-22 | |
dokuwiki | dokuwiki | 2006-03-05 | |
dokuwiki | dokuwiki | 2006-03-09 | |
dokuwiki | dokuwiki | 2006-03-09e | |
dokuwiki | dokuwiki | 2006-06-04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BB16099-F617-464D-A7B8-5280103AEFF2", "versionEndIncluding": "release_2009-02-14", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-04:*:*:*:*:*:*:*", "matchCriteriaId": "3ECA4630-84CE-4702-9009-FA5CFC68C920", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-07:*:*:*:*:*:*:*", "matchCriteriaId": "68F931F1-FB7A-4A91-A49F-1DFABC46C43F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-12:*:*:*:*:*:*:*", "matchCriteriaId": "181F97FD-C3E1-46D7-B39D-E6BC47D15CF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-21:*:*:*:*:*:*:*", "matchCriteriaId": "13818642-7B0E-4E4B-9ED9-99FC9CFE23C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-25:*:*:*:*:*:*:*", "matchCriteriaId": "5852CF41-7F0F-4E68-8C3A-0792EDE6A7CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-08:*:*:*:*:*:*:*", "matchCriteriaId": "1F5483FC-52E8-4683-8073-D8853B678A0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-15a:*:*:*:*:*:*:*", "matchCriteriaId": "14430A14-DB32-4EB1-871D-2910BB5E307D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-22:*:*:*:*:*:*:*", "matchCriteriaId": "17422BB4-CFCE-4993-81AC-3CABB4E51BEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-12:*:*:*:*:*:*:*", "matchCriteriaId": "3DFB7620-9965-476E-BFB3-0FF53D9CE742", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-25:*:*:*:*:*:*:*", "matchCriteriaId": "48234DBF-8035-4D35-A6FC-1CF058F3B1FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-30:*:*:*:*:*:*:*", "matchCriteriaId": "C5D076EE-930B-41CA-A98E-80D39AFEA0B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-01:*:*:*:*:*:*:*", "matchCriteriaId": 
"5F4B5F1B-F24D-4353-BF11-9E4488828E54", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-02:*:*:*:*:*:*:*", "matchCriteriaId": "480AA7CC-D8FA-45B9-A4CE-18D303913759", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-10:*:*:*:*:*:*:*", "matchCriteriaId": "99EB6529-6662-4CA8-864C-EC1F40DBF8DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-14:*:*:*:*:*:*:*", "matchCriteriaId": "B13CD41F-47CA-414E-B042-C496BA9BA0DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-15:*:*:*:*:*:*:*", "matchCriteriaId": "5CE6393E-B4E2-4E40-B152-EBB1A92AA07C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-16a:*:*:*:*:*:*:*", "matchCriteriaId": "AB8775A5-B0A3-4322-A6A6-B815444EA549", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-02-06:*:*:*:*:*:*:*", "matchCriteriaId": "FBAFFDD3-18D2-4055-A501-5A92225059DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-02-18:*:*:*:*:*:*:*", "matchCriteriaId": "FD8C79FB-A755-4AC7-9491-E1D17BEE8726", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-05-07:*:*:*:*:*:*:*", "matchCriteriaId": "65089ACF-324B-4F95-AAA5-ED596DD25FF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-07-01:*:*:*:*:*:*:*", "matchCriteriaId": "AB2A5412-2F05-4F07-A082-2F57A0BEC50C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-07-13:*:*:*:*:*:*:*", "matchCriteriaId": "558BE818-E004-4F21-B49E-BD2FB6227C78", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-09-19:*:*:*:*:*:*:*", "matchCriteriaId": "3434315F-BA84-418A-B76F-1B631451DCD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-09-22:*:*:*:*:*:*:*", "matchCriteriaId": "5120DDA0-C1A0-4B7E-ACE8-EDB09391491A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-05:*:*:*:*:*:*:*", "matchCriteriaId": 
"A75E526E-7BEB-4246-9865-DA46FEC6E66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-09:*:*:*:*:*:*:*", "matchCriteriaId": "E29643D4-0746-435A-97B3-608BB831339F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-09e:*:*:*:*:*:*:*", "matchCriteriaId": "A3CC022B-60C2-43CE-89E2-A3D25F93D430", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-06-04:*:*:*:*:*:*:*", "matchCriteriaId": "9C0406EF-FD61-4737-A091-D2199186D312", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010." }, { "lang": "es", "value": "Una errata en el check del permiso de administrador del plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25b permite a atacantes remotos obtener privlegios y acceder a wikis cerrados editando las restricciones de ACL actuales, como se ha demostrado en Enero del 2010." 
} ], "id": "CVE-2010-0288", "lastModified": "2024-11-21T01:11:54.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-15T18:30:00.643", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1847" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/61710" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38183" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-1976" }, { "source": "secalert@redhat.com", "url": "http://www.exploit-db.com/exploits/11141" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/37820" }, { "source": "secalert@redhat.com", "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0150" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/61710" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-1976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/11141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55661" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-03-30 14:59
Modified
2024-11-21 02:26
Severity ?
Summary
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9B2745B-1076-4CC6-A38A-4D87D89012A7", "versionEndExcluding": "2014-05-05d", "versionStartIncluding": "2014-05-05", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "A45B2716-772C-4028-91DC-BE0A74DDA9BF", "versionEndExcluding": "2014-09-29c", "versionStartIncluding": "2014-09-29", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API." }, { "lang": "es", "value": "DokuWiki en versiones anteriores a 2014-05-05d y en versiones anteriores a 2014-09-29c no comprueba correctamente los permisos para los plugins ACL, lo que permite a usuarios remotos autenticados ganar privilegios y a\u00f1adir o eliminar reglas ACL a trav\u00e9s de una solicitud a la API XMLRPC." 
} ], "id": "CVE-2015-2172", "lastModified": "2024-11-21T02:26:55.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-03-30T14:59:07.070", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2015-0093.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152994.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153062.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153266.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/03/02/2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72827" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1056" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://www.dokuwiki.org/changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2015-0093.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152994.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153062.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153266.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/03/02/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/72827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/1056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.dokuwiki.org/changes" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-03 15:29
Modified
2024-11-21 03:19
Severity ?
Summary
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dokuwiki | dokuwiki | * | |
debian | debian_linux | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CB0CE3C-3563-4C9B-B168-FD1FA7F960D1", "versionEndIncluding": "2017-02-19e", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs." }, { "lang": "es", "value": "El par\u00e1metro call de /lib/exe/ajax.php en DokuWiki hasta 2017-02-19e no codifica correctamente las entradas de usuario, lo que conduce a una vulnerabilidad de descarga de archivos reflejada y permite que atacantes remotos ejecuten programas arbitrarios." 
} ], "id": "CVE-2017-18123", "lastModified": "2024-11-21T03:19:23.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-03T15:29:00.577", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2029" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://github.com/splitbrain/dokuwiki/pull/2019" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://hackerone.com/reports/238316" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html" }, { "source": "cve@mitre.org", "url": 
"https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://vulnhive.com/2018/000004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/splitbrain/dokuwiki/pull/2019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://hackerone.com/reports/238316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://vulnhive.com/2018/000004" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-06-05 02:15
Modified
2025-01-08 20:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
DokuWiki before 2023-04-04a allows XSS via RSS titles.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDA8006C-4EDB-4CC6-9FB5-1A0F553ABE62", "versionEndExcluding": "2023-04-04a", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DokuWiki before 2023-04-04a allows XSS via RSS titles." }, { "lang": "es", "value": "DokuWiki anterior a 2023-04-04a permite ataques de Cross-Site Scripting (XSS) a trav\u00e9s de t\u00edtulos RSS." } ], "id": "CVE-2023-34408", "lastModified": "2025-01-08T20:15:26.503", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-06-05T02:15:09.537", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/dokuwiki/dokuwiki/compare/release-2023-04-04...release-2023-04-04a" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/dokuwiki/dokuwiki/pull/3967" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/dokuwiki/dokuwiki/compare/release-2023-04-04...release-2023-04-04a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/dokuwiki/dokuwiki/pull/3967" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-15 18:30
Modified
2024-11-21 01:11
Severity ?
Summary
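Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter. (Note: the CPE match data in this record ends at release_2009-02-14, so version matching on CPE alone may not flag later releases that are still before 2009-12-25b.)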
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dokuwiki | dokuwiki | * | |
dokuwiki | dokuwiki | 2004-07-04 | |
dokuwiki | dokuwiki | 2004-07-07 | |
dokuwiki | dokuwiki | 2004-07-12 | |
dokuwiki | dokuwiki | 2004-07-21 | |
dokuwiki | dokuwiki | 2004-07-25 | |
dokuwiki | dokuwiki | 2004-08-08 | |
dokuwiki | dokuwiki | 2004-08-15a | |
dokuwiki | dokuwiki | 2004-08-22 | |
dokuwiki | dokuwiki | 2004-09-12 | |
dokuwiki | dokuwiki | 2004-09-25 | |
dokuwiki | dokuwiki | 2004-09-30 | |
dokuwiki | dokuwiki | 2004-11-01 | |
dokuwiki | dokuwiki | 2004-11-02 | |
dokuwiki | dokuwiki | 2004-11-10 | |
dokuwiki | dokuwiki | 2005-01-14 | |
dokuwiki | dokuwiki | 2005-01-15 | |
dokuwiki | dokuwiki | 2005-01-16a | |
dokuwiki | dokuwiki | 2005-02-06 | |
dokuwiki | dokuwiki | 2005-02-18 | |
dokuwiki | dokuwiki | 2005-05-07 | |
dokuwiki | dokuwiki | 2005-07-01 | |
dokuwiki | dokuwiki | 2005-07-13 | |
dokuwiki | dokuwiki | 2005-09-19 | |
dokuwiki | dokuwiki | 2005-09-22 | |
dokuwiki | dokuwiki | 2006-03-05 | |
dokuwiki | dokuwiki | 2006-03-09 | |
dokuwiki | dokuwiki | 2006-03-09e | |
dokuwiki | dokuwiki | 2006-06-04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BB16099-F617-464D-A7B8-5280103AEFF2", "versionEndIncluding": "release_2009-02-14", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-04:*:*:*:*:*:*:*", "matchCriteriaId": "3ECA4630-84CE-4702-9009-FA5CFC68C920", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-07:*:*:*:*:*:*:*", "matchCriteriaId": "68F931F1-FB7A-4A91-A49F-1DFABC46C43F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-12:*:*:*:*:*:*:*", "matchCriteriaId": "181F97FD-C3E1-46D7-B39D-E6BC47D15CF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-21:*:*:*:*:*:*:*", "matchCriteriaId": "13818642-7B0E-4E4B-9ED9-99FC9CFE23C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-25:*:*:*:*:*:*:*", "matchCriteriaId": "5852CF41-7F0F-4E68-8C3A-0792EDE6A7CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-08:*:*:*:*:*:*:*", "matchCriteriaId": "1F5483FC-52E8-4683-8073-D8853B678A0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-15a:*:*:*:*:*:*:*", "matchCriteriaId": "14430A14-DB32-4EB1-871D-2910BB5E307D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-22:*:*:*:*:*:*:*", "matchCriteriaId": "17422BB4-CFCE-4993-81AC-3CABB4E51BEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-12:*:*:*:*:*:*:*", "matchCriteriaId": "3DFB7620-9965-476E-BFB3-0FF53D9CE742", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-25:*:*:*:*:*:*:*", "matchCriteriaId": "48234DBF-8035-4D35-A6FC-1CF058F3B1FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-30:*:*:*:*:*:*:*", "matchCriteriaId": "C5D076EE-930B-41CA-A98E-80D39AFEA0B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-01:*:*:*:*:*:*:*", "matchCriteriaId": 
"5F4B5F1B-F24D-4353-BF11-9E4488828E54", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-02:*:*:*:*:*:*:*", "matchCriteriaId": "480AA7CC-D8FA-45B9-A4CE-18D303913759", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-10:*:*:*:*:*:*:*", "matchCriteriaId": "99EB6529-6662-4CA8-864C-EC1F40DBF8DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-14:*:*:*:*:*:*:*", "matchCriteriaId": "B13CD41F-47CA-414E-B042-C496BA9BA0DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-15:*:*:*:*:*:*:*", "matchCriteriaId": "5CE6393E-B4E2-4E40-B152-EBB1A92AA07C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-16a:*:*:*:*:*:*:*", "matchCriteriaId": "AB8775A5-B0A3-4322-A6A6-B815444EA549", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-02-06:*:*:*:*:*:*:*", "matchCriteriaId": "FBAFFDD3-18D2-4055-A501-5A92225059DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-02-18:*:*:*:*:*:*:*", "matchCriteriaId": "FD8C79FB-A755-4AC7-9491-E1D17BEE8726", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-05-07:*:*:*:*:*:*:*", "matchCriteriaId": "65089ACF-324B-4F95-AAA5-ED596DD25FF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-07-01:*:*:*:*:*:*:*", "matchCriteriaId": "AB2A5412-2F05-4F07-A082-2F57A0BEC50C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-07-13:*:*:*:*:*:*:*", "matchCriteriaId": "558BE818-E004-4F21-B49E-BD2FB6227C78", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-09-19:*:*:*:*:*:*:*", "matchCriteriaId": "3434315F-BA84-418A-B76F-1B631451DCD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-09-22:*:*:*:*:*:*:*", "matchCriteriaId": "5120DDA0-C1A0-4B7E-ACE8-EDB09391491A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-05:*:*:*:*:*:*:*", "matchCriteriaId": 
"A75E526E-7BEB-4246-9865-DA46FEC6E66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-09:*:*:*:*:*:*:*", "matchCriteriaId": "E29643D4-0746-435A-97B3-608BB831339F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-09e:*:*:*:*:*:*:*", "matchCriteriaId": "A3CC022B-60C2-43CE-89E2-A3D25F93D430", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-06-04:*:*:*:*:*:*:*", "matchCriteriaId": "9C0406EF-FD61-4737-A091-D2199186D312", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en el plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25b permite a usuarios remotos listar los contenidos de directorios de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro ns." 
} ], "id": "CVE-2010-0287", "lastModified": "2024-11-21T01:11:54.467", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-15T18:30:00.610", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1847" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38183" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-1976" }, { "source": "secalert@redhat.com", "url": "http://www.exploit-db.com/exploits/11141" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/37821" }, { "source": "secalert@redhat.com", "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0150" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1847" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-1976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/11141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55660" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-15 18:30
Modified
2024-11-21 01:11
Severity ?
Summary
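Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors. (Note: the CPE match data in this record ends at release_2009-02-14, so version matching on CPE alone may not flag later releases that are still before 2009-12-25c.)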
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dokuwiki | dokuwiki | * | |
dokuwiki | dokuwiki | 2004-07-04 | |
dokuwiki | dokuwiki | 2004-07-07 | |
dokuwiki | dokuwiki | 2004-07-12 | |
dokuwiki | dokuwiki | 2004-07-21 | |
dokuwiki | dokuwiki | 2004-07-25 | |
dokuwiki | dokuwiki | 2004-08-08 | |
dokuwiki | dokuwiki | 2004-08-15a | |
dokuwiki | dokuwiki | 2004-08-22 | |
dokuwiki | dokuwiki | 2004-09-12 | |
dokuwiki | dokuwiki | 2004-09-25 | |
dokuwiki | dokuwiki | 2004-09-30 | |
dokuwiki | dokuwiki | 2004-11-01 | |
dokuwiki | dokuwiki | 2004-11-02 | |
dokuwiki | dokuwiki | 2004-11-10 | |
dokuwiki | dokuwiki | 2005-01-14 | |
dokuwiki | dokuwiki | 2005-01-15 | |
dokuwiki | dokuwiki | 2005-01-16a | |
dokuwiki | dokuwiki | 2005-02-06 | |
dokuwiki | dokuwiki | 2005-02-18 | |
dokuwiki | dokuwiki | 2005-05-07 | |
dokuwiki | dokuwiki | 2005-07-01 | |
dokuwiki | dokuwiki | 2005-07-13 | |
dokuwiki | dokuwiki | 2005-09-19 | |
dokuwiki | dokuwiki | 2005-09-22 | |
dokuwiki | dokuwiki | 2006-03-05 | |
dokuwiki | dokuwiki | 2006-03-09 | |
dokuwiki | dokuwiki | 2006-03-09e | |
dokuwiki | dokuwiki | 2006-06-04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BB16099-F617-464D-A7B8-5280103AEFF2", "versionEndIncluding": "release_2009-02-14", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-04:*:*:*:*:*:*:*", "matchCriteriaId": "3ECA4630-84CE-4702-9009-FA5CFC68C920", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-07:*:*:*:*:*:*:*", "matchCriteriaId": "68F931F1-FB7A-4A91-A49F-1DFABC46C43F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-12:*:*:*:*:*:*:*", "matchCriteriaId": "181F97FD-C3E1-46D7-B39D-E6BC47D15CF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-21:*:*:*:*:*:*:*", "matchCriteriaId": "13818642-7B0E-4E4B-9ED9-99FC9CFE23C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-25:*:*:*:*:*:*:*", "matchCriteriaId": "5852CF41-7F0F-4E68-8C3A-0792EDE6A7CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-08:*:*:*:*:*:*:*", "matchCriteriaId": "1F5483FC-52E8-4683-8073-D8853B678A0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-15a:*:*:*:*:*:*:*", "matchCriteriaId": "14430A14-DB32-4EB1-871D-2910BB5E307D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-22:*:*:*:*:*:*:*", "matchCriteriaId": "17422BB4-CFCE-4993-81AC-3CABB4E51BEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-12:*:*:*:*:*:*:*", "matchCriteriaId": "3DFB7620-9965-476E-BFB3-0FF53D9CE742", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-25:*:*:*:*:*:*:*", "matchCriteriaId": "48234DBF-8035-4D35-A6FC-1CF058F3B1FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-30:*:*:*:*:*:*:*", "matchCriteriaId": "C5D076EE-930B-41CA-A98E-80D39AFEA0B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-01:*:*:*:*:*:*:*", "matchCriteriaId": 
"5F4B5F1B-F24D-4353-BF11-9E4488828E54", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-02:*:*:*:*:*:*:*", "matchCriteriaId": "480AA7CC-D8FA-45B9-A4CE-18D303913759", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-10:*:*:*:*:*:*:*", "matchCriteriaId": "99EB6529-6662-4CA8-864C-EC1F40DBF8DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-14:*:*:*:*:*:*:*", "matchCriteriaId": "B13CD41F-47CA-414E-B042-C496BA9BA0DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-15:*:*:*:*:*:*:*", "matchCriteriaId": "5CE6393E-B4E2-4E40-B152-EBB1A92AA07C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-16a:*:*:*:*:*:*:*", "matchCriteriaId": "AB8775A5-B0A3-4322-A6A6-B815444EA549", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-02-06:*:*:*:*:*:*:*", "matchCriteriaId": "FBAFFDD3-18D2-4055-A501-5A92225059DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-02-18:*:*:*:*:*:*:*", "matchCriteriaId": "FD8C79FB-A755-4AC7-9491-E1D17BEE8726", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-05-07:*:*:*:*:*:*:*", "matchCriteriaId": "65089ACF-324B-4F95-AAA5-ED596DD25FF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-07-01:*:*:*:*:*:*:*", "matchCriteriaId": "AB2A5412-2F05-4F07-A082-2F57A0BEC50C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-07-13:*:*:*:*:*:*:*", "matchCriteriaId": "558BE818-E004-4F21-B49E-BD2FB6227C78", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-09-19:*:*:*:*:*:*:*", "matchCriteriaId": "3434315F-BA84-418A-B76F-1B631451DCD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-09-22:*:*:*:*:*:*:*", "matchCriteriaId": "5120DDA0-C1A0-4B7E-ACE8-EDB09391491A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-05:*:*:*:*:*:*:*", "matchCriteriaId": 
"A75E526E-7BEB-4246-9865-DA46FEC6E66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-09:*:*:*:*:*:*:*", "matchCriteriaId": "E29643D4-0746-435A-97B3-608BB831339F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-09e:*:*:*:*:*:*:*", "matchCriteriaId": "A3CC022B-60C2-43CE-89E2-A3D25F93D430", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-06-04:*:*:*:*:*:*:*", "matchCriteriaId": "9C0406EF-FD61-4737-A091-D2199186D312", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25c. Permiten a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para peticiones que modifican el acceso a las reglas de control de acceso, y otras peticiones sin especificar, a trav\u00e9s de vectores de ataque desconocidos." 
} ], "id": "CVE-2010-0289", "lastModified": "2024-11-21T01:11:54.677", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-02-15T18:30:00.690", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1853" }, { "source": "secalert@redhat.com", "url": "http://freshmeat.net/projects/dokuwiki/tags/security-fix" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/61708" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38205" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-1976" }, { "source": "secalert@redhat.com", "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://freshmeat.net/projects/dokuwiki/tags/security-fix" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/61708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-1976" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-06 03:29
Modified
2024-11-21 03:09
Severity ?
Summary
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/splitbrain/dokuwiki/issues/2061 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/splitbrain/dokuwiki/issues/2061 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF38597C-8FCE-4ED4-BA2C-A0BCDC294FBE", "versionEndIncluding": "2017-02-19b", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php." }, { "lang": "es", "value": "La versi\u00f3n 2017-02-19b de DokuWiki tiene una vulnerabilidad de tipo XSS en el par\u00e1metro at (o variable DATE_AT) al doku.php." } ], "id": "CVE-2017-12583", "lastModified": "2024-11-21T03:09:48.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-06T03:29:00.213", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", 
"Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2061" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-07-14 23:55
Modified
2024-11-21 01:28
Severity ?
Summary
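Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link. (Note: the CPE match data in this record ends at 2010-11-07a, so version matching on CPE alone may not flag later releases that are still before 2011-05-25a.)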
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dokuwiki | dokuwiki | * | |
dokuwiki | dokuwiki | 2005-07-01 | |
dokuwiki | dokuwiki | 2005-07-13 | |
dokuwiki | dokuwiki | 2005-09-19 | |
dokuwiki | dokuwiki | 2005-09-22 | |
dokuwiki | dokuwiki | 2006-03-05 | |
dokuwiki | dokuwiki | 2006-03-09 | |
dokuwiki | dokuwiki | 2006-11-06 | |
dokuwiki | dokuwiki | 2007-06-26 | |
dokuwiki | dokuwiki | 2008-05-05 | |
dokuwiki | dokuwiki | 2009-02-14b | |
dokuwiki | dokuwiki | 2009-12-25c |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "0361554F-C459-4932-90EE-7AC8BA61BF34", "versionEndIncluding": "2010-11-07a", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-07-01:*:*:*:*:*:*:*", "matchCriteriaId": "AB2A5412-2F05-4F07-A082-2F57A0BEC50C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-07-13:*:*:*:*:*:*:*", "matchCriteriaId": "558BE818-E004-4F21-B49E-BD2FB6227C78", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-09-19:*:*:*:*:*:*:*", "matchCriteriaId": "3434315F-BA84-418A-B76F-1B631451DCD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2005-09-22:*:*:*:*:*:*:*", "matchCriteriaId": "5120DDA0-C1A0-4B7E-ACE8-EDB09391491A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-05:*:*:*:*:*:*:*", "matchCriteriaId": "A75E526E-7BEB-4246-9865-DA46FEC6E66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-09:*:*:*:*:*:*:*", "matchCriteriaId": "E29643D4-0746-435A-97B3-608BB831339F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2006-11-06:*:*:*:*:*:*:*", "matchCriteriaId": "86B05C3B-F637-441A-AB74-CB47215589F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2007-06-26:*:*:*:*:*:*:*", "matchCriteriaId": "64D85DB6-8B5F-4301-AA4A-1BA0EBBD00A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2008-05-05:*:*:*:*:*:*:*", "matchCriteriaId": "2DD1CD46-269E-4D2C-9C41-CCCBA8F84BCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2009-02-14b:*:*:*:*:*:*:*", "matchCriteriaId": "06B2EED0-5322-400C-A724-ACD15B281050", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2009-12-25c:*:*:*:*:*:*:*", "matchCriteriaId": "ED3FF52A-EDE9-468E-BADA-659F90049264", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": 
"Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad RSS dentro de DokuWiki anterior a v2011-05-25a Rincewind permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un link." } ], "id": "CVE-2011-2510", "lastModified": "2024-11-21T01:28:25.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-14T23:55:05.630", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062380.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062389.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45009" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45190" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "source": "secalert@redhat.com", "url": 
"http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-366/CERTA-2011-AVI-366.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2320" }, { "source": "secalert@redhat.com", "url": "http://www.dokuwiki.org/changes" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/5" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/29/13" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/48364" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717146" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062380.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062389.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201301-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-366/CERTA-2011-AVI-366.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2011/dsa-2320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.dokuwiki.org/changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/28/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/29/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68122" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-06-08 01:00
Modified
2024-11-21 01:03
Severity ?
Summary
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2009-02-14:*:*:*:*:*:*:*", "matchCriteriaId": "0C1517AA-3CF0-4B87-BC19-09D1E58EDFFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:rc2009-01-30:*:*:*:*:*:*:*", "matchCriteriaId": "3DB7EDB7-794F-4180-93B4-1C15D754F3B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:rc2009-02-06:*:*:*:*:*:*:*", "matchCriteriaId": "71C079F7-4C88-4D24-9392-4BA7816DA6B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs." }, { "lang": "es", "value": "inc/init.php de DokuWiki 2009-02-14, rc2009-02-06 y rc2009-01-30, cuando register_globals est\u00e1 habilitado, permite a atacantes remotos incluir y ejecutar ficheros locales de su elecci\u00f3n a trav\u00e9s del par\u00e1metro config_cascade[main][default][] de doku.php. NOTA: tambi\u00e9n es posible una inclusi\u00f3n remota de fichero PHP en PHP v5 que utilice URLs ftp://." 
} ], "id": "CVE-2009-1960", "lastModified": "2024-11-21T01:03:47.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-06-08T01:00:00.797", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1700" }, { "source": "cve@mitre.org", "url": "http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35218" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35095" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8781" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/8812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.splitbrain.org/index.php?do=details\u0026task_id=1700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev.splitbrain.org/darcsweb/darcsweb.cgi?r=dokuwiki%3Ba=commitdiff%3Bh=20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/35218" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35095" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8781" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8812" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-12 16:15
Modified
2024-11-21 06:58
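Severity: MEDIUM (CVSS v3.1 base score 6.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2 base score 4.3; source nvd@nist.gov)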
Summary
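HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.
Note: the description names "HTMLCreator", but the NVD data for this record (CVE-2022-28919) lists the affected product as DokuWiki 2020-07-29, and the referenced upstream report is a DokuWiki issue. The weakness is classified as CWE-79.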
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dokuwiki | dokuwiki | 2020-07-29 | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:2020-07-29:*:*:*:*:*:*:*", "matchCriteriaId": "240F9A2A-DF99-48C3-9A81-C3CCECC41888", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename." }, { "lang": "es", "value": "Se ha detectado que HTMLCreator versi\u00f3n release_stable_2020-07-29, contiene una vulnerabilidad de cross-site scripting (XSS) por medio de la funci\u00f3n _generateFilename" } ], "id": "CVE-2022-28919", "lastModified": "2024-11-21T06:58:11.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", 
"confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-12T16:15:07.417", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/3651" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB7BXJKFALXHURED3OMJIQ4KEDGZOOWL/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFL5KMLTSWOHTDHURW5W6YP2DV67IQFP/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGKXK6TK27URC76FTX46Z6OLTKYIQK7E/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/3651" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB7BXJKFALXHURED3OMJIQ4KEDGZOOWL/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFL5KMLTSWOHTDHURW5W6YP2DV67IQFP/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGKXK6TK27URC76FTX46Z6OLTKYIQK7E/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-08-21 07:29
Modified
2024-11-21 03:10
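Severity: MEDIUM (CVSS v3.0 base score 6.1, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2 base score 4.3; source nvd@nist.gov)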
Summary
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/splitbrain/dokuwiki/issues/2080 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/splitbrain/dokuwiki/issues/2080 | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4A4E51B-009F-4D4F-8DE4-EF96F2D1953F", "versionEndIncluding": "2017-02-19c", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution." }, { "lang": "es", "value": "DokuWiki en su versi\u00f3n 2017-02-19c tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) cuando presenta un nombre de lenguaje malicioso en un elemento del c\u00f3digo en /inc/parser/xhtml.php. Un atacante puede crear o editar una wiki con este elemento para desencadenar la ejecuci\u00f3n de JavaScript." } ], "id": "CVE-2017-12979", "lastModified": "2024-11-21T03:10:34.437", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-21T07:29:00.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://github.com/splitbrain/dokuwiki/issues/2080" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }