Vulnerabilities related to twiki - twiki
CVE-2011-1838 (GCVE-0-2011-1838)
Vulnerability from cvelistv5
Published
2011-05-20 22:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:26.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/" }, { "name": "1025542", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025542" }, { "name": "20110518 XSS vulnerability in TWiki \u003c 5.0.2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/518038/100/0/threaded" }, { "name": "ADV-2011-1258", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1258" }, { "name": "8257", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8257" }, { "name": "47899", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47899" }, { "name": "44594", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44594" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/" }, { "name": "1025542", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025542" }, { "name": "20110518 XSS vulnerability in TWiki \u003c 5.0.2", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/518038/100/0/threaded" }, { "name": "ADV-2011-1258", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1258" }, { "name": "8257", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8257" }, { "name": "47899", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47899" }, { "name": "44594", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44594" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1838", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838" }, { "name": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/", "refsource": "MISC", "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/" }, { "name": "1025542", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025542" }, { "name": "20110518 XSS vulnerability in TWiki \u003c 5.0.2", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/518038/100/0/threaded" }, { "name": "ADV-2011-1258", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1258" }, { "name": "8257", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8257" }, { "name": "47899", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47899" }, { "name": "44594", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44594" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1838", "datePublished": "2011-05-20T22:00:00", "dateReserved": "2011-04-27T00:00:00", "dateUpdated": "2024-08-06T22:37:26.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-7236 (GCVE-0-2014-7236)
Vulnerability from cvelistv5
Published
2020-02-17 21:14
Modified
2024-08-06 12:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:40:19.204Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "70372", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70372" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Oct/44" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030981" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-17T21:14:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "70372", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70372" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2014/Oct/44" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securitytracker.com/id/1030981" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7236", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "70372", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70372" }, { "name": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html" }, { "name": "http://seclists.org/fulldisclosure/2014/Oct/44", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2014/Oct/44" }, { "name": "http://www.securitytracker.com/id/1030981", "refsource": "MISC", "url": "http://www.securitytracker.com/id/1030981" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-7236", "datePublished": "2020-02-17T21:14:54", "dateReserved": "2014-09-30T00:00:00", "dateUpdated": "2024-08-06T12:40:19.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1387 (GCVE-0-2006-1387)
Vulnerability from cvelistv5
Published
2006-03-26 22:00
Modified
2024-08-07 17:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:12:20.925Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19410" }, { "name": "twiki-include-edit-dos(25445)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25445" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude" }, { "name": "ADV-2006-1116", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1116" }, { "name": "17267", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17267" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-25T00:00:00", "descriptions": [ { "lang": "en", "value": "TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19410" }, { "name": "twiki-include-edit-dos(25445)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25445" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude" }, { "name": "ADV-2006-1116", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1116" }, { "name": "17267", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17267" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19410", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19410" }, { "name": "twiki-include-edit-dos(25445)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25445" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude" }, { "name": "ADV-2006-1116", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1116" }, { "name": "17267", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17267" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1387", "datePublished": "2006-03-26T22:00:00", "dateReserved": "2006-03-24T00:00:00", "dateUpdated": "2024-08-07T17:12:20.925Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-2877 (GCVE-0-2005-2877)
Vulnerability from cvelistv5
Published
2005-09-16 04:00
Modified
2024-08-07 22:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:29.778Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev" }, { "name": "20050914 TWiki Remote Command Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=112680475417550\u0026w=2" }, { "name": "VU#757181", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/757181" }, { "name": "14834", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14834" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-16T00:00:00", "descriptions": [ { "lang": "en", "value": "The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev" }, { "name": "20050914 TWiki Remote Command Execution Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=112680475417550\u0026w=2" }, { "name": "VU#757181", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/757181" }, { "name": "14834", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14834" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2877", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev" }, { "name": "20050914 TWiki Remote Command Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=112680475417550\u0026w=2" }, { "name": "VU#757181", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/757181" }, { "name": "14834", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14834" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2877", "datePublished": "2005-09-16T04:00:00", "dateReserved": "2005-09-13T00:00:00", "dateUpdated": "2024-08-07T22:53:29.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-7237 (GCVE-0-2014-7237)
Vulnerability from cvelistv5
Published
2014-10-16 00:00
Modified
2024-08-06 12:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:40:19.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237" }, { "name": "1030982", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030982" }, { "name": "20141009 TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Oct/45" }, { "name": "twiki-cve20147237-file-upload(96952)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237" }, { "name": "1030982", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030982" }, { "name": "20141009 TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Oct/45" }, { "name": "twiki-cve20147237-file-upload(96952)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7237", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237" }, { "name": "1030982", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030982" }, { "name": "20141009 TWiki Security Alert CVE-2014-7237: Apache configuration file upload on TWiki on Windows server", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Oct/45" }, { "name": "twiki-cve20147237-file-upload(96952)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-7237", "datePublished": "2014-10-16T00:00:00", "dateReserved": "2014-09-30T00:00:00", "dateUpdated": "2024-08-06T12:40:19.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3336 (GCVE-0-2006-3336)
Vulnerability from cvelistv5
Published
2006-07-05 20:00
Modified
2024-08-07 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:23:21.162Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-2677", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2677" }, { "name": "20992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20992" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads" }, { "name": "18854", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18854" }, { "name": "1016458", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016458" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as \".php.en\", \".php.1\", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-07-13T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-2677", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2677" }, { "name": "20992", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20992" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads" }, { "name": "18854", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18854" }, { "name": "1016458", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016458" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3336", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as \".php.en\", \".php.1\", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-2677", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2677" }, { "name": "20992", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20992" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads" }, { "name": "18854", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18854" }, { "name": "1016458", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016458" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3336", "datePublished": "2006-07-05T20:00:00", "dateReserved": "2006-07-02T00:00:00", "dateUpdated": "2024-08-07T18:23:21.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1751 (GCVE-0-2013-1751)
Vulnerability from cvelistv5
Published
2019-11-07 21:51
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:13:32.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-1751" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securitytracker.com/id/1028149" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted \u0027%MAKETEXT{}%\u0027 parameter value containing Perl backtick characters." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-07T21:51:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-1751" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securitytracker.com/id/1028149" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1751", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TWiki before 5.1.4 allows 
remote attackers to execute arbitrary shell commands by sending a crafted \u0027%MAKETEXT{}%\u0027 parameter value containing Perl backtick characters." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2013-1751", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2013-1751" }, { "name": "http://www.securitytracker.com/id/1028149", "refsource": "MISC", "url": "http://www.securitytracker.com/id/1028149" }, { "name": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751", "refsource": "CONFIRM", "url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1751", "datePublished": "2019-11-07T21:51:14", "dateReserved": "2013-02-15T00:00:00", "dateUpdated": "2024-08-06T15:13:32.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3819 (GCVE-0-2006-3819)
Vulnerability from cvelistv5
Published
2006-07-27 01:00
Modified
2024-08-07 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:48:38.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "twiki-configure-command-injection(28049)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28049" }, { "name": "1016603", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016603" }, { "name": "21235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21235" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure" }, { "name": "19188", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19188" }, { "name": "27556", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=27556" }, { "name": "ADV-2006-2995", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2995" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-07-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with \"TYPEOF\"." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "twiki-configure-command-injection(28049)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28049" }, { "name": "1016603", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016603" }, { "name": "21235", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21235" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure" }, { "name": "19188", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19188" }, { "name": "27556", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=27556" }, { "name": "ADV-2006-2995", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2995" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3819", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with \"TYPEOF\"." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "twiki-configure-command-injection(28049)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28049" }, { "name": "1016603", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016603" }, { "name": "21235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21235" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure" }, { "name": "19188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19188" }, { "name": "27556", "refsource": "OSVDB", "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=27556" }, { "name": "ADV-2006-2995", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2995" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3819", "datePublished": "2006-07-27T01:00:00", "dateReserved": "2006-07-24T00:00:00", "dateUpdated": "2024-08-07T18:48:38.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5304 (GCVE-0-2008-5304)
Vulnerability from cvelistv5
Published
2008-12-10 00:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "32669", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32669" }, { "name": "ADV-2008-3381", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/3381" }, { "name": "1021351", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1021351" }, { "name": "twiki-urlparam-xss(47122)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47122" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304" }, { "name": "33040", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33040" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "32669", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32669" }, { "name": "ADV-2008-3381", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/3381" }, { "name": "1021351", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1021351" }, { "name": "twiki-urlparam-xss(47122)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47122" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304" }, { "name": "33040", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33040" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5304", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "32669", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32669" }, { "name": "ADV-2008-3381", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3381" }, { "name": "1021351", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021351" }, { "name": "twiki-urlparam-xss(47122)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47122" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304" }, { "name": "33040", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33040" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5304", "datePublished": "2008-12-10T00:00:00", "dateReserved": "2008-12-01T00:00:00", "dateUpdated": "2024-08-07T10:49:12.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-0979 (GCVE-0-2012-0979)
Vulnerability from cvelistv5
Published
2012-02-02 17:00
Modified
2024-08-06 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:45:25.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "47784", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47784" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html" }, { "name": "1026604", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026604" }, { "name": "51731", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51731" }, { "name": "twiki-organization-xss(72821)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821" }, { "name": "78664", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/78664" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "47784", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47784" }, { "tags": [ "x_refsource_MISC" ], "url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html" }, { "name": "1026604", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026604" }, { "name": "51731", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51731" }, { "name": "twiki-organization-xss(72821)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821" }, { "name": "78664", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/78664" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-0979", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "47784", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47784" }, { "name": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html", "refsource": "MISC", "url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html" }, { "name": "1026604", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026604" }, { "name": "51731", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51731" }, { "name": "twiki-organization-xss(72821)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821" }, { "name": "78664", "refsource": "OSVDB", "url": "http://osvdb.org/78664" }, { "name": "http://packetstormsecurity.org/files/109246/twiki-xss.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-0979", "datePublished": "2012-02-02T17:00:00", "dateReserved": "2012-02-02T00:00:00", "dateUpdated": "2024-08-06T18:45:25.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-20212 (GCVE-0-2018-20212)
Vulnerability from cvelistv5
Published
2019-03-17 20:30
Modified
2024-08-05 11:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:58:18.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-17T20:30:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/7" }, { "tags": [ "x_refsource_MISC" ], "url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20212", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html" }, { "name": "http://seclists.org/fulldisclosure/2019/Jan/7", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2019/Jan/7" }, { "name": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki", "refsource": "MISC", "url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20212", "datePublished": "2019-03-17T20:30:20", "dateReserved": "2018-12-18T00:00:00", "dateUpdated": "2024-08-05T11:58:18.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-9325 (GCVE-0-2014-9325)
Vulnerability from cvelistv5
Published
2014-12-31 21:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:40:25.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20141219 TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/81" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325" }, { "name": "1031399", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031399" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-31T20:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20141219 TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/81" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325" }, { "name": "1031399", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031399" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9325", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20141219 TWiki Security Alert CVE-2014-9325: XSS Vulnerability with QUERYSTRING and QUERYPARAMSTRING Variables", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/81" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325" }, { "name": "1031399", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031399" }, { "name": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9325", "datePublished": "2014-12-31T21:00:00", "dateReserved": "2014-12-07T00:00:00", "dateUpdated": "2024-08-06T13:40:25.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5305 (GCVE-0-2008-5305)
Vulnerability from cvelistv5
Published
2008-12-10 00:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1021352", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1021352" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305" }, { "name": "32668", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32668" }, { "name": "ADV-2008-3381", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/3381" }, { "name": "33040", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33040" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-03-03T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1021352", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1021352" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305" }, { "name": "32668", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32668" }, { "name": "ADV-2008-3381", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/3381" }, { "name": "33040", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33040" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5305", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1021352", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1021352" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305" }, { "name": "32668", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32668" }, { "name": "ADV-2008-3381", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3381" }, { "name": "33040", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33040" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5305", "datePublished": "2008-12-10T00:00:00", "dateReserved": "2008-12-01T00:00:00", "dateUpdated": "2024-08-07T10:49:12.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-2942 (GCVE-0-2006-2942)
Vulnerability from cvelistv5
Published
2006-06-20 18:00
Modified
2024-08-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:27.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26623", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26623" }, { "name": "20596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20596" }, { "name": "twiki-action-security-bypass(27336)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27336" }, { "name": "ADV-2006-2415", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2415" }, { "name": "1016323", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016323" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation" }, { "name": "18506", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18506" }, { "name": "20060616 TWiki Security Advisory: Privilege elevation with crafted registration form (CVE-2006-2942)", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-16T00:00:00", "descriptions": [ { "lang": "en", "value": "TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user\u0027s login name with the WikiName of a 
member of the TWikiAdminGroup." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26623", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26623" }, { "name": "20596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20596" }, { "name": "twiki-action-security-bypass(27336)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27336" }, { "name": "ADV-2006-2415", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2415" }, { "name": "1016323", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016323" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation" }, { "name": "18506", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18506" }, { "name": "20060616 TWiki Security Advisory: Privilege elevation with crafted registration form (CVE-2006-2942)", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a 
modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user\u0027s login name with the WikiName of a member of the TWikiAdminGroup." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26623", "refsource": "OSVDB", "url": "http://www.osvdb.org/26623" }, { "name": "20596", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20596" }, { "name": "twiki-action-security-bypass(27336)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27336" }, { "name": "ADV-2006-2415", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2415" }, { "name": "1016323", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016323" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation" }, { "name": "18506", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18506" }, { "name": "20060616 TWiki Security Advisory: Privilege elevation with crafted registration form (CVE-2006-2942)", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2942", "datePublished": "2006-06-20T18:00:00", "dateReserved": "2006-06-12T00:00:00", "dateUpdated": "2024-08-07T18:06:27.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5193 (GCVE-0-2007-5193)
Vulnerability from cvelistv5
Published
2007-10-04 16:00
Modified
2024-08-07 15:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:41.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982" }, { "name": "42338", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/42338" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982" }, { "name": "42338", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/42338" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5193", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area 
directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982" }, { "name": "42338", "refsource": "OSVDB", "url": "http://osvdb.org/42338" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5193", "datePublished": "2007-10-04T16:00:00", "dateReserved": "2007-10-04T00:00:00", "dateUpdated": "2024-08-07T15:24:41.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-1386 (GCVE-0-2006-1386)
Vulnerability from cvelistv5
Published
2006-03-26 22:00
Modified
2024-08-07 17:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:12:21.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "twiki-restricted-content-access(25444)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25444" }, { "name": "17268", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17268" }, { "name": "19410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19410" }, { "name": "1015843", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015843" }, { "name": "ADV-2006-1116", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1116" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "twiki-restricted-content-access(25444)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25444" }, { "name": "17268", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17268" }, { "name": "19410", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19410" }, { "name": "1015843", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015843" }, { "name": "ADV-2006-1116", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1116" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "twiki-restricted-content-access(25444)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25444" }, { "name": "17268", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17268" }, { "name": "19410", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19410" }, { "name": "1015843", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015843" }, { "name": "ADV-2006-1116", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1116" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1386", "datePublished": "2006-03-26T22:00:00", "dateReserved": "2006-03-24T00:00:00", "dateUpdated": "2024-08-07T17:12:21.294Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-9367 (GCVE-0-2014-9367)
Vulnerability from cvelistv5
Published
2014-12-31 21:00
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:40:25.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html" }, { "name": "20141219 TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/82" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367" }, { "name": "1031400", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1031400" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \"\u0027\" (single quote) in the scope parameter to do/view/TWiki/WebSearch." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-12-31T20:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html" }, { "name": "20141219 TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/82" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367" }, { "name": "1031400", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1031400" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9367", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \"\u0027\" (single quote) in the scope parameter to do/view/TWiki/WebSearch." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html" }, { "name": "20141219 TWiki Security Alert CVE-2014-9367: XSS Vulnerability with Scope and Other URL Parameters of WebSearch", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/82" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367" }, { "name": "1031400", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031400" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9367", "datePublished": "2014-12-31T21:00:00", "dateReserved": "2014-12-11T00:00:00", "dateUpdated": "2024-08-06T13:40:25.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4898 (GCVE-0-2009-4898)
Vulnerability from cvelistv5
Published
2010-09-07 16:30
Modified
2024-09-16 18:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:17:25.963Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20100803 CVE 2009 request: twiki before 4.3.2 CSRF", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/02/17" }, { "name": "[oss-security] 20100803 Re: CVE 2009 request: twiki before 4.3.2 CSRF", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/03/8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAuditTokenBasedCsrfFix" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-09-07T16:30:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20100803 CVE 2009 request: twiki before 4.3.2 CSRF", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/02/17" }, { "name": "[oss-security] 20100803 Re: CVE 2009 request: twiki before 4.3.2 CSRF", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/08/03/8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAuditTokenBasedCsrfFix" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-4898", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20100803 CVE 2009 request: twiki before 4.3.2 CSRF", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/08/02/17" }, { "name": "[oss-security] 20100803 Re: CVE 2009 request: twiki before 4.3.2 CSRF", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/08/03/8" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAuditTokenBasedCsrfFix", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAuditTokenBasedCsrfFix" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4898", "datePublished": "2010-09-07T16:30:00Z", "dateReserved": "2010-06-15T00:00:00Z", "dateUpdated": "2024-09-16T18:49:22.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1037 (GCVE-0-2004-1037)
Vulnerability from cvelistv5
Published
2004-11-19 05:00
Modified
2024-08-08 00:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:39:00.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CLA-2005:918", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000918" }, { "name": "11674", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11674" }, { "name": "twik-search-command-execution(18062)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18062" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch" }, { "name": "20041116 Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0201.html" }, { "name": "GLSA-200411-33", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200411-33.xml" }, { "name": "20041112 TWiki search function allows arbitrary shell command execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110037207516456\u0026w=2" }, { "name": "P-039", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/p-039.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a 
search string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "CLA-2005:918", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000918" }, { "name": "11674", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11674" }, { "name": "twik-search-command-execution(18062)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18062" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch" }, { "name": "20041116 Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0201.html" }, { "name": "GLSA-200411-33", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200411-33.xml" }, { "name": "20041112 TWiki search function allows arbitrary shell command execution", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110037207516456\u0026w=2" }, { "name": "P-039", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/p-039.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1037", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": 
[ { "lang": "eng", "value": "The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "CLA-2005:918", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000918" }, { "name": "11674", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11674" }, { "name": "twik-search-command-execution(18062)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18062" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch" }, { "name": "20041116 Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0201.html" }, { "name": "GLSA-200411-33", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200411-33.xml" }, { "name": "20041112 TWiki search function allows arbitrary shell command execution", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110037207516456\u0026w=2" }, { "name": "P-039", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/p-039.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1037", "datePublished": "2004-11-19T05:00:00", "dateReserved": "2004-11-16T00:00:00", "dateUpdated": "2024-08-08T00:39:00.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3010 (GCVE-0-2011-3010)
Vulnerability from cvelistv5
Published
2011-09-30 10:00
Modified
2024-09-17 03:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:22:26.676Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5" }, { "name": "75674", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/75674" }, { "name": "1026091", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1026091" }, { "name": "46123", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46123" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://develop.twiki.org/trac/changeset/21920" }, { "name": "49746", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49746" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010" }, { "name": "20110922 XSS Vulnerabilities in TWiki \u003c 5.1.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html" }, { "name": "75673", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/75673" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-30T10:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5" }, { "name": "75674", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/75674" }, { "name": "1026091", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1026091" }, { "name": "46123", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46123" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://develop.twiki.org/trac/changeset/21920" }, { "name": "49746", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49746" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010" }, { "name": "20110922 XSS Vulnerabilities in TWiki \u003c 5.1.0", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html" }, { "name": "75673", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/75673" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3010", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the 
TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5", "refsource": "MISC", "url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5" }, { "name": "75674", "refsource": "OSVDB", "url": "http://www.osvdb.org/75674" }, { "name": "1026091", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1026091" }, { "name": "46123", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46123" }, { "name": "http://develop.twiki.org/trac/changeset/21920", "refsource": "CONFIRM", "url": "http://develop.twiki.org/trac/changeset/21920" }, { "name": "49746", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49746" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010" }, { "name": "20110922 XSS Vulnerabilities in TWiki \u003c 5.1.0", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html" }, { "name": "75673", "refsource": "OSVDB", "url": "http://www.osvdb.org/75673" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3010", "datePublished": "2011-09-30T10:00:00Z", "dateReserved": "2011-08-09T00:00:00Z", "dateUpdated": "2024-09-17T03:03:48.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6071 (GCVE-0-2006-6071)
Vulnerability from cvelistv5
Published
2006-12-02 02:00
Modified
2024-08-07 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:12:31.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21381", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21381" }, { "name": "twiki-401response-authentication-bypass(30667)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30667" }, { "name": "23189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23189" }, { "name": "ADV-2006-4790", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4790" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and \"ErrorDocument 401\" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21381", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21381" }, { "name": "twiki-401response-authentication-bypass(30667)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30667" }, { "name": "23189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23189" }, { "name": "ADV-2006-4790", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4790" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6071", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and \"ErrorDocument 401\" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21381", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21381" }, { "name": "twiki-401response-authentication-bypass(30667)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30667" }, { "name": "23189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23189" }, { "name": "ADV-2006-4790", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4790" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6071", "datePublished": "2006-12-02T02:00:00", "dateReserved": "2006-11-21T00:00:00", "dateUpdated": "2024-08-07T20:12:31.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-3841 (GCVE-0-2010-3841)
Vulnerability from cvelistv5
Published
2010-10-18 16:00
Modified
2024-08-07 03:26
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:26:12.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "twiki-multiple-xss(62557)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62557" }, { "name": "41796", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41796" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841" }, { "name": "44103", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/44103" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-10-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "twiki-multiple-xss(62557)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62557" }, { "name": "41796", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41796" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841" }, { "name": "44103", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/44103" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3841", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "twiki-multiple-xss(62557)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62557" }, { "name": "41796", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41796" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841" }, { "name": "44103", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44103" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3841", "datePublished": "2010-10-18T16:00:00", "dateReserved": "2010-10-08T00:00:00", "dateUpdated": "2024-08-07T03:26:12.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3195 (GCVE-0-2008-3195)
Vulnerability from cvelistv5
Published
2008-09-17 18:06
Modified
2024-08-07 09:28
CWE
- n/a
Summary
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.736Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "31849", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31849" }, { "name": "6269", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6269" }, { "name": "4265", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/4265" }, { "name": "31964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31964" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/RGII-7JEQ7L" }, { "name": "ADV-2008-2586", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2586" }, { "name": "twiki-configure-image-command-execution(45183)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45183" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlights" }, { "name": "twiki-configure-directory-traversal(45182)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45182" }, { "name": "VU#362012", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/362012" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2008-08-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "31849", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31849" }, { "name": "6269", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6269" }, { "name": "4265", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/4265" }, { "name": "31964", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31964" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kb.cert.org/vuls/id/RGII-7JEQ7L" }, { "name": "ADV-2008-2586", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2586" }, { "name": "twiki-configure-image-command-execution(45183)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45183" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlights" }, { "name": "twiki-configure-directory-traversal(45182)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45182" }, { "name": "VU#362012", "tags": [ "third-party-advisory", 
"x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/362012" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "31849", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31849" }, { "name": "6269", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6269" }, { "name": "4265", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4265" }, { "name": "31964", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31964" }, { "name": "http://www.kb.cert.org/vuls/id/RGII-7JEQ7L", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/RGII-7JEQ7L" }, { "name": "ADV-2008-2586", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2586" }, { "name": "twiki-configure-image-command-execution(45183)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45183" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195" }, { "name": 
"http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlights", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlights" }, { "name": "twiki-configure-directory-traversal(45182)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45182" }, { "name": "VU#362012", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/362012" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3195", "datePublished": "2008-09-17T18:06:00", "dateReserved": "2008-07-16T00:00:00", "dateUpdated": "2024-08-07T09:28:41.736Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3056 (GCVE-0-2005-3056)
Vulnerability from cvelistv5
Published
2019-11-01 12:40
Modified
2024-08-07 22:53
CWE
- n/a
Summary
TWiki allows arbitrary shell command execution via the Include function
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.357Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2005-3056" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude" }, { "name": "Debian", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "TWiki allows arbitrary shell command execution via the Include function" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-01T12:40:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2005-3056" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude" }, { "name": "Debian", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3056", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TWiki allows arbitrary shell command 
execution via the Include function" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2005-3056", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2005-3056" }, { "name": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude", "refsource": "CONFIRM", "url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude" }, { "name": "Debian", "refsource": "DEBIAN", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3056", "datePublished": "2019-11-01T12:40:12", "dateReserved": "2005-09-26T00:00:00", "dateUpdated": "2024-08-07T22:53:30.357Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4294 (GCVE-0-2006-4294)
Vulnerability from cvelistv5
Published
2006-09-09 00:00
Modified
2024-08-07 19:06
CWE
- n/a
Summary
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:07.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-3524", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3524" }, { "name": "19907", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19907" }, { "name": "1016805", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016805" }, { "name": "21829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21829" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-3524", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3524" }, { "name": "19907", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19907" }, { "name": "1016805", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016805" }, { "name": "21829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21829" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-3524", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3524" }, { "name": "19907", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19907" }, { "name": "1016805", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016805" }, { "name": "21829", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21829" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4294", "datePublished": "2006-09-09T00:00:00", "dateReserved": "2006-08-22T00:00:00", "dateUpdated": "2024-08-07T19:06:07.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1339 (GCVE-0-2009-1339)
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 05:13
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.292Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.net/bugs/cve/2009-1339" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339" }, { "name": "ADV-2009-1217", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1217" }, { "name": "[twiki-announce] 20090430 Announcement: TWiki 4.3.1 Production Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=7E0723DC-CBFF-4DBD-B26C-8686287FF689%40twiki.net\u0026forum_name=twiki-announce" }, { "name": "34880", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34880" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/p/pub/Codev/SecurityAlert-CVE-2009-1339/TWiki-4.3.0-c-diff-cve-2009-1339.txt" }, { "name": "[debian-bugs-rc] 20090430 Bug#526258: CVE-2009-1339: CSRF Vulnerability with Image Tag", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.nabble.com/Bug-526258:-CVE-2009-1339:-CSRF-Vulnerability-with-Image-Tag-td23311575.html" }, { "name": "twiki-unspecified-csrf(50254)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50254" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/526258" }, { "name": "1022146", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1022146" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", 
"version": "n/a" } ] } ], "datePublic": "2009-04-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.net/bugs/cve/2009-1339" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339" }, { "name": "ADV-2009-1217", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1217" }, { "name": "[twiki-announce] 20090430 Announcement: TWiki 4.3.1 Production Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=7E0723DC-CBFF-4DBD-B26C-8686287FF689%40twiki.net\u0026forum_name=twiki-announce" }, { "name": "34880", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34880" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/p/pub/Codev/SecurityAlert-CVE-2009-1339/TWiki-4.3.0-c-diff-cve-2009-1339.txt" }, { "name": "[debian-bugs-rc] 20090430 Bug#526258: CVE-2009-1339: CSRF Vulnerability with Image Tag", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.nabble.com/Bug-526258:-CVE-2009-1339:-CSRF-Vulnerability-with-Image-Tag-td23311575.html" }, { "name": "twiki-unspecified-csrf(50254)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50254" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/526258" }, { "name": "1022146", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1022146" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1339", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.net/bugs/cve/2009-1339", "refsource": "CONFIRM", "url": "https://launchpad.net/bugs/cve/2009-1339" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339" }, { "name": "ADV-2009-1217", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1217" }, { "name": "[twiki-announce] 20090430 Announcement: TWiki 4.3.1 Production Release", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=7E0723DC-CBFF-4DBD-B26C-8686287FF689%40twiki.net\u0026forum_name=twiki-announce" }, { "name": "34880", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34880" }, { "name": "http://twiki.org/p/pub/Codev/SecurityAlert-CVE-2009-1339/TWiki-4.3.0-c-diff-cve-2009-1339.txt", "refsource": "CONFIRM", "url": 
"http://twiki.org/p/pub/Codev/SecurityAlert-CVE-2009-1339/TWiki-4.3.0-c-diff-cve-2009-1339.txt" }, { "name": "[debian-bugs-rc] 20090430 Bug#526258: CVE-2009-1339: CSRF Vulnerability with Image Tag", "refsource": "MLIST", "url": "http://www.nabble.com/Bug-526258:-CVE-2009-1339:-CSRF-Vulnerability-with-Image-Tag-td23311575.html" }, { "name": "twiki-unspecified-csrf(50254)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50254" }, { "name": "http://bugs.debian.org/526258", "refsource": "CONFIRM", "url": "http://bugs.debian.org/526258" }, { "name": "1022146", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1022146" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1339", "datePublished": "2009-04-30T20:00:00", "dateReserved": "2009-04-17T00:00:00", "dateUpdated": "2024-08-07T05:13:25.292Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6330 (GCVE-0-2012-6330)
Vulnerability from cvelistv5
Published
2013-01-04 21:00
Modified
2024-08-06 21:28
CWE
- n/a
Summary
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "name": "56950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56950" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "name": "56950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56950" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6330", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "name": "56950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56950" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6330", "datePublished": "2013-01-04T21:00:00", "dateReserved": "2012-12-10T00:00:00", "dateUpdated": "2024-08-06T21:28:39.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0669 (GCVE-0-2007-0669)
Vulnerability from cvelistv5
Published
2007-02-08 22:00
Modified
2024-08-07 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:26:54.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#584436", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/584436" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669" }, { "name": "33168", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/33168" }, { "name": "OpenPKG-SA-2007.009", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.009.html" }, { "name": "ADV-2007-0544", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0544" }, { "name": "20070208 TWiki Security Alert: Arbitrary code execution in session files (CVE-2007-0669)", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0033.html" }, { "name": "twiki-cgisession-code-execution(32389)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32389" }, { "name": "24091", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24091" }, { "name": "22378", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22378" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related 
to CGI session files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#584436", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/584436" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669" }, { "name": "33168", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/33168" }, { "name": "OpenPKG-SA-2007.009", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.009.html" }, { "name": "ADV-2007-0544", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0544" }, { "name": "20070208 TWiki Security Alert: Arbitrary code execution in session files (CVE-2007-0669)", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0033.html" }, { "name": "twiki-cgisession-code-execution(32389)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32389" }, { "name": "24091", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24091" }, { "name": "22378", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22378" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0669", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": 
"eng", "value": "Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#584436", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/584436" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669" }, { "name": "33168", "refsource": "OSVDB", "url": "http://osvdb.org/33168" }, { "name": "OpenPKG-SA-2007.009", "refsource": "OPENPKG", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.009.html" }, { "name": "ADV-2007-0544", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0544" }, { "name": "20070208 TWiki Security Alert: Arbitrary code execution in session files (CVE-2007-0669)", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0033.html" }, { "name": "twiki-cgisession-code-execution(32389)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32389" }, { "name": "24091", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24091" }, { "name": "22378", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22378" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0669", "datePublished": "2007-02-08T22:00:00", "dateReserved": "2007-02-02T00:00:00", "dateUpdated": "2024-08-07T12:26:54.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-4998 (GCVE-0-2008-4998)
Vulnerability from cvelistv5
Published
2008-11-07 19:00
Modified
2024-09-17 03:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:40:16.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648" }, { "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235802" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating \"this bug is invalid." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-11-07T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648" }, { "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235802" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4998", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. 
NOTE: the vendor disputes this vulnerability, stating \"this bug is invalid.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648" }, { "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", "refsource": "MISC", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=235802", "refsource": "MISC", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235802" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4998", "datePublished": "2008-11-07T19:00:00Z", "dateReserved": "2008-11-07T00:00:00Z", "dateUpdated": "2024-09-17T03:48:37.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2007-10-04 16:17
Modified
2025-04-09 00:30
Severity ?
Summary
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | * | |
twiki | twiki | 4.1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C8919F1-CD33-437E-9627-69352B276BA3", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied." }, { "lang": "es", "value": "La configuraci\u00f3n por defecto para twiki 4.1.2 en Debian GNU/Linux, y posiblemente en otros sistemas operativos, especifican el directorio de \u00e1rea de trabajo (cfg{RCS}{WorkAreaDir}) bajo la ra\u00edz de los documentos web, lo cual podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible cuando no hay aplicadas restricciones .htaccess." 
} ], "id": "CVE-2007-5193", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-04T16:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/42338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/42338" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-09 00:04
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." }, { "lang": "es", "value": "Vulnerabilidad de directorio transversal en viewfile en TWiki 4.0.0 hasta 4.0.4 permiet a un atacante remoto leer ficheros de su elecci\u00f3n a trav\u00e9s de la secuencia .. (punto punto) en el par\u00e1metro filename." 
} ], "id": "CVE-2006-4294", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-09T00:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21829" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016805" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/19907" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3524" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016805" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/19907" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3524" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-02 02:28
Modified
2025-04-09 00:30
Severity ?
Summary
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "08902D73-8D32-4FD1-88A2-A894048913A6", "versionEndIncluding": "4.0.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and \"ErrorDocument 401\" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password." }, { "lang": "es", "value": "Twiki 4.0.5 y anteriores, cuando est\u00e1 funcionando bajo Apache 1.3 usando ApacheLogin con sesiones y redirecciones \"ErrorDocument 401\" a un t\u00f3pico wiki valido, no maneja adecuadamente los intentos de conexi\u00f3n, lo cual permite a un atacante remoto leer contenido de su elecci\u00f3n a trav\u00e9s de la cancelaci\u00f3n de una validaci\u00f3n fallida con un nombre de usuario y contrase\u00f1a no v\u00e1lido." 
} ], "id": "CVE-2006-6071", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-02T02:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23189" }, { "source": "cve@mitre.org", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21381" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4790" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-6071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30667" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-30 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E38FC46-7F35-4777-87D8-124838860474", "versionEndIncluding": "4.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "855671F5-C215-4382-B512-4ABD9D66F13D", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9C00515-CFEE-427A-BACE-B3140B0D6C67", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CF4F9B-7ADF-47A2-A556-10CCF7401DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "81DDB420-E707-4319-8395-531FC0D84E5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D7A5A57-AE7D-4D3E-A280-41676F355AEE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en TWiki anterior a v4.3.1 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de usuarios a su elecci\u00f3n para las peticiones que actualizan p\u00e1ginas, como se demostr\u00f3 por una URL para un script de guardado en el atributo SRC de un elemento IMG, una cuesti\u00f3n relacionada con CVE-2009-1434." 
} ], "id": "CVE-2009-1339", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-04-30T20:30:00.420", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/526258" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34880" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1022146" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=7E0723DC-CBFF-4DBD-B26C-8686287FF689%40twiki.net\u0026forum_name=twiki-announce" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://twiki.org/p/pub/Codev/SecurityAlert-CVE-2009-1339/TWiki-4.3.0-c-diff-cve-2009-1339.txt" }, { "source": "cve@mitre.org", "url": "http://www.nabble.com/Bug-526258:-CVE-2009-1339:-CSRF-Vulnerability-with-Image-Tag-td23311575.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/1217" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50254" }, { "source": "cve@mitre.org", "url": "https://launchpad.net/bugs/cve/2009-1339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/526258" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34880" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1022146" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=7E0723DC-CBFF-4DBD-B26C-8686287FF689%40twiki.net\u0026forum_name=twiki-announce" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://twiki.org/p/pub/Codev/SecurityAlert-CVE-2009-1339/TWiki-4.3.0-c-diff-cve-2009-1339.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nabble.com/Bug-526258:-CVE-2009-1339:-CSRF-Vulnerability-with-Image-Tag-td23311575.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50254" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://launchpad.net/bugs/cve/2009-1339" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-16 00:55
Modified
2025-04-12 10:46
Severity ?
Summary
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "514BF8A0-B63B-4767-A80C-0C922BF7DD18", "versionEndIncluding": "6.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code." }, { "lang": "es", "value": "lib/TWiki/Sandbox.pm en TWiki 6.0.0 y anteriores, cuando se ejecuta en Windows, permite a atacantes remotos evadir las restricciones de acceso y subir ficheros con nombres restringidos a trav\u00e9s un byte nulo (%00) en el nombre del fichero en bin/upload.cgi, como lo demuestra el uso de .htaccess para ejecutar c\u00f3digo arbitrario." 
} ], "id": "CVE-2014-7237", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-16T00:55:06.997", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Oct/45" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securitytracker.com/id/1030982" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Oct/45" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securitytracker.com/id/1030982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96952" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-31 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D1A0D459-5426-424D-A394-3A478BFF8CE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en TWiki 6.0.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) la variable QUERYSTRING en lib/TWiki.pm o (2) la variable QUERYPARAMSTRING en lib/TWiki/UI/View.pm, tal y como fue demostrado por QUERY_STRING en do/view/Main/TWikiPreferences." } ], "id": "CVE-2014-9325", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-12-31T21:59:03.157", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/81" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" 
], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securitytracker.com/id/1031399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/129654/TWiki-6.0.1-QUERYSTRING-QUERYPARAMSTRING-XSS.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/81" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securitytracker.com/id/1031399" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-31 21:59
Modified
2025-04-12 10:46
Summary
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0306B3AE-A684-4438-9B4A-D83F11EFA899", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D1A0D459-5426-424D-A394-3A478BFF8CE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \"\u0027\" (single quote) in the scope parameter to do/view/TWiki/WebSearch." }, { "lang": "es", "value": "Vulnerabilidad de lista negra incompleta en la funci\u00f3n urlEncode en lib/TWiki.pm en TWiki 6.0.0 y 6.0.1 permite a atacantes remotos llevar a cabo un ataque de XSS a trav\u00e9s de \u0027\u0027\u0027 (comillas simples) en el par\u00e1metro scope en do/view/TWiki/WebSearch." } ], "id": "CVE-2014-9367", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-12-31T21:59:04.170", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/82" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securitytracker.com/id/1031400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/129655/TWiki-6.0.0-6.0.1-WebSearch-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/82" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securitytracker.com/id/1031400" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-09-18 15:04
Modified
2025-04-09 00:30
Summary
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "92E06542-B556-44C0-901A-0380F09741DE", "versionEndIncluding": "4.2.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0E0A8F3-02EE-4A6D-BAAC-1D52DF063197", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "41445C95-0309-4B90-B725-87D2FE87C9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9996E5B-36AD-407F-B3B6-839CE8E5913E", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "748325A4-A237-498A-A185-905FC921D2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "855671F5-C215-4382-B512-4ABD9D66F13D", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9C00515-CFEE-427A-BACE-B3140B0D6C67", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": 
"Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en bin/configure en TWiki anterior a v4.2.3, cuando alg\u00fan paso en el asistente de instalaci\u00f3n es omitido, permite a atacantes remotos leer ficheros de su elecci\u00f3n a trav\u00e9s de una cadena de consulta que contiene ..(punto punto) en la variable \"image\", y ejecutar archivos de su elecci\u00f3n a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2008-3195", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-09-18T15:04:27.233", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31849" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31964" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4265" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlights" }, { "source": "cve@mitre.org", "tags": [ "US 
Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/362012" }, { "source": "cve@mitre.org", "url": "http://www.kb.cert.org/vuls/id/RGII-7JEQ7L" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2586" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45182" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45183" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31964" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlights" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/362012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kb.cert.org/vuls/id/RGII-7JEQ7L" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6269" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-02-02 17:55
Modified
2025-04-11 00:51
Summary
Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:-:*:*:*:*:*:*:*", "matchCriteriaId": "15AF47F3-29A7-43FF-B2D5-73322A361157", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7962DD6F-7915-4790-BA93-7019014BD8F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user." }, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en TWiki permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo \u0027organizaci\u00f3n\u0027 en un perfil, con la participaci\u00f3n de un usuario mediante su (1) registro o (2) la edici\u00f3n de su perfil." } ], "evaluatorImpact": "Per: http://secunia.com/advisories/47784\r\n\r\n\u0027The vulnerability is confirmed in version 5.1.1. 
Other versions may also be affected.\u0027", "id": "CVE-2012-0979", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-02-02T17:55:01.333", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/78664" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47784" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51731" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1026604" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/78664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/109246/twiki-xss.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1026604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72821" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-05 20:05
Modified
2025-04-03 01:03
Summary
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0E0A8F3-02EE-4A6D-BAAC-1D52DF063197", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*", "matchCriteriaId": "89599BC3-E1D8-4670-9321-F63A788096A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2001-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "354C8BA8-603D-4556-8C4C-39DEE4891719", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*", "matchCriteriaId": "23CC3B43-A77A-471E-A0ED-E91E53C2400C", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*", "matchCriteriaId": "374ADC0F-0EE2-4DEC-8A37-5F5F15C8137A", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "BEC5965A-BFC8-42B3-AF13-28E097381E84", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*", "matchCriteriaId": "C94AFFF9-5951-43A9-8018-B10C3F097CE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-03:*:*:*:*:*:*:*", "matchCriteriaId": "5F823DF7-B38E-4FBF-8D9A-C1B49FC237BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-04:*:*:*:*:*:*:*", "matchCriteriaId": "FFA8E461-0CAA-4B44-8BCC-21CD8E1A6A41", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as \".php.en\", \".php.1\", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory." }, { "lang": "es", "value": "Vulnerabilidad en TWiki desde la versi\u00f3n del 01-Dic-2000 hasta la versi\u00f3n v4.0.3 que permite a atacantes remotos saltarse el \"upload filter\" (filtro o control de subida) y ejecutar c\u00f3digo de su elecci\u00f3n a traves de nombres de ficheros con dos extensiones como \".php.en\", \".php.1\" y otras extensiones disponibles que no son .txt. NOTA: para que se produzca esta vulnerabilidad el servidor debe permiter la ejecuci\u00f3n de scripts en un directorio p\u00fablico." } ], "id": "CVE-2006-3336", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-05T20:05:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20992" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://securitytracker.com/id?1016458" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18854" 
}, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://securitytracker.com/id?1016458" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2677" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-03-01 05:00
Modified
2025-04-03 01:03
Summary
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*", "matchCriteriaId": "374ADC0F-0EE2-4DEC-8A37-5F5F15C8137A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string." } ], "id": "CVE-2004-1037", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-03-01T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0201.html" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000918" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110037207516456\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200411-33.xml" }, { "source": "cve@mitre.org", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/p-039.shtml" }, { "source": 
"cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11674" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-11/0201.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000918" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110037207516456\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200411-33.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/p-039.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18062" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-17 22:15
Modified
2024-11-21 02:16
Summary
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2014/Oct/44 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/70372 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1030981 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Oct/44 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70372 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030981 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "7054F1C7-A5E6-4977-8AB8-830075428AC4", "versionEndIncluding": "4.0.5", "versionStartIncluding": "4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4353BB0-1D40-439E-BE8D-048285044BEC", "versionEndIncluding": "4.1.2", "versionStartIncluding": "4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAF27FD8-EBBC-4E39-BD10-DEC348FA133D", "versionEndIncluding": "4.2.4", "versionStartIncluding": "4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C1ABF1F-B92A-4220-8961-EED540FDD0B0", "versionEndIncluding": "4.3.2", "versionStartIncluding": "4.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A66BFC9-7797-4B9E-BB5B-93A4C314A8C4", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7CD4E8F-D453-4BA1-A63E-ADFFAA2882D5", "versionEndIncluding": "5.1.4", "versionStartIncluding": "5.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A873DA64-2E8F-4BF4-B6D3-A2BAEF23341C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n Eval en la biblioteca lib/TWiki/Plugins.pm en TWiki versiones anteriores a 6.0.1, permite a atacantes remotos ejecutar c\u00f3digo de Perl arbitrario por medio del par\u00e1metro debugenableplugins en el archivo do/view/Main/WebHome." 
} ], "id": "CVE-2014-7236", "lastModified": "2024-11-21T02:16:35.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-17T22:15:11.483", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2014/Oct/44" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70372" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1030981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/128623/Twiki-Perl-Code-Execution.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2014/Oct/44" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/70372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1030981" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-16 20:03
Modified
2025-04-03 01:03
Summary
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=112680475417550&w=2 | ||
cve@mitre.org | http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev | Patch, Vendor Advisory | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/757181 | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/14834 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=112680475417550&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/757181 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14834 | Exploit, Patch |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*", "matchCriteriaId": "89599BC3-E1D8-4670-9321-F63A788096A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*", "matchCriteriaId": "23CC3B43-A77A-471E-A0ED-E91E53C2400C", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*", "matchCriteriaId": "374ADC0F-0EE2-4DEC-8A37-5F5F15C8137A", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "BEC5965A-BFC8-42B3-AF13-28E097381E84", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*", "matchCriteriaId": "C94AFFF9-5951-43A9-8018-B10C3F097CE9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers." 
} ], "id": "CVE-2005-2877", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-16T20:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=112680475417550\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/757181" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/14834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=112680475417550\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/757181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/14834" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-5305)
Published
2008-12-10 00:30
Modified
2025-04-09 00:30
Severity: HIGH (CVSS v2 base score 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C)
Summary
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "67914289-4064-45AD-9E75-362225F928AA", "versionEndIncluding": "4.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "41445C95-0309-4B90-B725-87D2FE87C9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9996E5B-36AD-407F-B3B6-839CE8E5913E", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "748325A4-A237-498A-A185-905FC921D2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "855671F5-C215-4382-B512-4ABD9D66F13D", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9C00515-CFEE-427A-BACE-B3140B0D6C67", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CF4F9B-7ADF-47A2-A556-10CCF7401DA9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", 
"value": "Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n \"eval\" en TWiki y versiones anteriores a 4.2.4 que permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo Perl a trav\u00e9s de la variable %SEARCH{}%." } ], "id": "CVE-2008-5305", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-10T00:30:00.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33040" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1021352" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32668" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1021352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3381" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
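Vulnerability from fkie_nvd (CVE-2009-4898)
Published
2010-09-07 17:00
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P; user interaction required)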
Summary
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
twiki | twiki | * (up to and including 4.3.1) | |
twiki | twiki | 4.0.0 | |
twiki | twiki | 4.0.1 | |
twiki | twiki | 4.0.2 | |
twiki | twiki | 4.0.3 | |
twiki | twiki | 4.0.4 | |
twiki | twiki | 4.0.5 | |
twiki | twiki | 4.1.0 | |
twiki | twiki | 4.1.1 | |
twiki | twiki | 4.1.2 | |
twiki | twiki | 4.2.0 | |
twiki | twiki | 4.2.1 | |
twiki | twiki | 4.2.2 | |
twiki | twiki | 4.2.3 | |
twiki | twiki | 4.2.4 | |
twiki | twiki | 4.3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C548C1F-E9DE-448C-ABA6-A8C8B5B77234", "versionEndIncluding": "4.3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "41445C95-0309-4B90-B725-87D2FE87C9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9996E5B-36AD-407F-B3B6-839CE8E5913E", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "748325A4-A237-498A-A185-905FC921D2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "855671F5-C215-4382-B512-4ABD9D66F13D", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9C00515-CFEE-427A-BACE-B3140B0D6C67", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CF4F9B-7ADF-47A2-A556-10CCF7401DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"81DDB420-E707-4319-8395-531FC0D84E5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D7A5A57-AE7D-4D3E-A280-41676F355AEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "710F8276-1147-4EAD-9C34-5F2FEE636F8D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submit method in the onload attribute of a BODY element. NOTE: this issue exists because of an insufficient fix for CVE-2009-1339." }, { "lang": "es", "value": "Una vulnerabilidad de Falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en TWiki antes de v4.3.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de cualquier usuario que soliciten actualizar una p\u00e1gina, como lo demuestra una direcci\u00f3n URL para guardar un script en el atributo ACTION de un elemento FORM, junto con una llamada al m\u00e9todo submit en el atributo onload de un elemento BODY. NOTA: este problema existe debido a una resoluci\u00f3n incompleta al CVE-2009-1339." 
} ], "id": "CVE-2009-4898", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-09-07T17:00:01.747", "references": [ { "source": "secalert@redhat.com", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAuditTokenBasedCsrfFix" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/02/17" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/03/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAuditTokenBasedCsrfFix" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/02/17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/03/8" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
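Vulnerability from fkie_nvd (CVE-2005-3056)
Published
2019-11-01 13:15
Modified
2024-11-21 00:01
Severity: CRITICAL (CVSS v3.1 base score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); HIGH under CVSS v2 (base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)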
Summary
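TWiki allows arbitrary shell command execution via the Include function. The record's only CPE entry is TWiki 20040902-3, and NVD classifies the weakness as CWE-74 (injection).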
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2005-3056 | Third Party Advisory | |
cve@mitre.org | https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2005-3056 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:20040902-3:*:*:*:*:*:*:*", "matchCriteriaId": "1067AE29-BF5D-42C6-9B70-F7FAC3763F4D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TWiki allows arbitrary shell command execution via the Include function" }, { "lang": "es", "value": "Twiki, permite una ejecuci\u00f3n de comandos de shell arbitraria por medio de la funci\u00f3n Include" } ], "id": "CVE-2005-3056", "lastModified": "2024-11-21T00:01:01.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-01T13:15:11.167", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2005-3056" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2005-3056" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithInclude" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2006-3819)
Published
2006-07-27 01:04
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0E0A8F3-02EE-4A6D-BAAC-1D52DF063197", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with \"TYPEOF\"." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n en eval (evaluaci\u00f3n directa de c\u00f3digo din\u00e1mico) en la secuencia de comandos de configuraci\u00f3n en TWiki 4.0.0 hasta 4.0.4 permite a atacantes remotos ejecutar c\u00f3digo Perl de su elecci\u00f3n mediante una petici\u00f3n HTTP POST que contiene un par\u00e1metro nombre (name) que empieza por \"TYPEOF\"." 
} ], "id": "CVE-2006-3819", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-27T01:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/21235" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016603" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=27556" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19188" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2995" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertCmdExecWithConfigure" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=27556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19188" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28049" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-4998)
Published
2008-11-07 19:36
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 6.9, AV:L/AC:M/Au:N/C:C/I:C/A:C)
Summary
postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid." The record carries the "disputed" tag.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating \"this bug is invalid." }, { "lang": "es", "value": "** DISPUTADA ** postinst en twiki v.4.1.2 permite a usuarios locales sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico al fichero temporal /tmp/twiki. NOTA: El fabricantes ha disputado esta vulnerabilidad, manteniendo \"este error es inv\u00e1lido\"." } ], "id": "CVE-2008-4998", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-11-07T19:36:24.070", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" }, { "source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" }, { "source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235802" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235802" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
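Vulnerability from fkie_nvd (CVE-2013-1751)
Published
2019-11-07 22:15
Modified
2024-11-21 01:50
Severity: CRITICAL (CVSS v3.1 base score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); HIGH under CVSS v2 (base score 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C)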
Summary
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securitytracker.com/id/1028149 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2013-1751 | Third Party Advisory | |
cve@mitre.org | https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751 | Mitigation, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1028149 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2013-1751 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751 | Mitigation, Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8F4495C-AC9D-47C0-945D-AA0F57E3CE06", "versionEndExcluding": "5.1.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted \u0027%MAKETEXT{}%\u0027 parameter value containing Perl backtick characters." }, { "lang": "es", "value": "TWiki versiones anteriores a 5.1.4, permite a atacantes remotos ejecutar comandos de shell arbitrarios mediante el env\u00edo de un valor del par\u00e1metro \"%MAKETEXT{}%\" dise\u00f1ado que contiene caracteres Perl backtick." } ], "id": "CVE-2013-1751", "lastModified": "2024-11-21T01:50:19.190", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-07T22:15:10.427", "references": [ { "source": "cve@mitre.org", "tags": [ 
"Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1028149" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-1751" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Patch", "Vendor Advisory" ], "url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1028149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-1751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Patch", "Vendor Advisory" ], "url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
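Vulnerability from fkie_nvd (CVE-2006-1387)
Published
2006-03-26 22:02
Modified
2025-04-03 01:03
Severity: MEDIUM (CVSS v2 base score 4.0, AV:N/AC:L/Au:S/C:N/I:N/A:P; authentication required)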
Summary
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0E0A8F3-02EE-4A6D-BAAC-1D52DF063197", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2001-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "354C8BA8-603D-4556-8C4C-39DEE4891719", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*", "matchCriteriaId": "23CC3B43-A77A-471E-A0ED-E91E53C2400C", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*", "matchCriteriaId": "374ADC0F-0EE2-4DEC-8A37-5F5F15C8137A", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "BEC5965A-BFC8-42B3-AF13-28E097381E84", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*", "matchCriteriaId": "C94AFFF9-5951-43A9-8018-B10C3F097CE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-03:*:*:*:*:*:*:*", "matchCriteriaId": "5F823DF7-B38E-4FBF-8D9A-C1B49FC237BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-04:*:*:*:*:*:*:*", "matchCriteriaId": "FFA8E461-0CAA-4B44-8BCC-21CD8E1A6A41", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself." 
} ], "id": "CVE-2006-1387", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-26T22:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19410" }, { "source": "cve@mitre.org", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17267" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1116" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25445" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19410" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25445" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-10-18 17:00
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
twiki | twiki | * | |
twiki | twiki | 4.0.0 | |
twiki | twiki | 4.0.1 | |
twiki | twiki | 4.0.2 | |
twiki | twiki | 4.0.3 | |
twiki | twiki | 4.0.4 | |
twiki | twiki | 4.0.5 | |
twiki | twiki | 4.1.0 | |
twiki | twiki | 4.1.1 | |
twiki | twiki | 4.1.2 | |
twiki | twiki | 4.2.2 | |
twiki | twiki | 4.2.3 | |
twiki | twiki | 4.2.4 | |
twiki | twiki | 4.3.0 | |
twiki | twiki | 4.3.1 | |
twiki | twiki | 4.3.2 | |
twiki | twiki | 2000-12-01 | |
twiki | twiki | 2001-09-01 | |
twiki | twiki | 2001-12-01 | |
twiki | twiki | 2003-02-01 | |
twiki | twiki | 2004-09-01 | |
twiki | twiki | 2004-09-02 | |
twiki | twiki | 2004-09-03 | |
twiki | twiki | 2004-09-04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4EB3542-A00F-49B5-B38D-196E0FA8C8E7", "versionEndIncluding": "5.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "41445C95-0309-4B90-B725-87D2FE87C9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9996E5B-36AD-407F-B3B6-839CE8E5913E", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "748325A4-A237-498A-A185-905FC921D2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CF4F9B-7ADF-47A2-A556-10CCF7401DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "81DDB420-E707-4319-8395-531FC0D84E5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D7A5A57-AE7D-4D3E-A280-41676F355AEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"710F8276-1147-4EAD-9C34-5F2FEE636F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD7698E4-32E0-4228-94C7-83E5E7CF83E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CBEFD95-CB78-4C25-BB41-EB96C780F2F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*", "matchCriteriaId": "89599BC3-E1D8-4670-9321-F63A788096A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2001-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "354C8BA8-603D-4556-8C4C-39DEE4891719", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*", "matchCriteriaId": "23CC3B43-A77A-471E-A0ED-E91E53C2400C", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*", "matchCriteriaId": "374ADC0F-0EE2-4DEC-8A37-5F5F15C8137A", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "BEC5965A-BFC8-42B3-AF13-28E097381E84", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*", "matchCriteriaId": "C94AFFF9-5951-43A9-8018-B10C3F097CE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-03:*:*:*:*:*:*:*", "matchCriteriaId": "5F823DF7-B38E-4FBF-8D9A-C1B49FC237BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-04:*:*:*:*:*:*:*", "matchCriteriaId": "FFA8E461-0CAA-4B44-8BCC-21CD8E1A6A41", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en lib/TWiki.pm de TWiki en versiones anteriores a la v5.0.1 permiten a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro rev al script view o (2) la cadena de consulta del script de login." } ], "id": "CVE-2010-3841", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-10-18T17:00:04.063", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41796" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/44103" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62557" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/44103" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62557" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-08 22:28
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "41445C95-0309-4B90-B725-87D2FE87C9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9996E5B-36AD-407F-B3B6-839CE8E5913E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Twiki 4.0.0 hasta 4.1.0 permite a usuarios locales ejecutar c\u00f3digo Perl de su elecci\u00f3n mediante vectores desconocidos referidos a ficheros de sesi\u00f3n CGI." 
} ], "id": "CVE-2007-0669", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-08T22:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0033.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/33168" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24091" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669" }, { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/584436" }, { "source": "cve@mitre.org", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.009.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22378" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0544" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32389" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], 
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/584436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32389" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-10 00:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
twiki | twiki | * | |
twiki | twiki | 4.0.0 | |
twiki | twiki | 4.0.1 | |
twiki | twiki | 4.0.2 | |
twiki | twiki | 4.0.3 | |
twiki | twiki | 4.0.4 | |
twiki | twiki | 4.0.5 | |
twiki | twiki | 4.1.0 | |
twiki | twiki | 4.1.1 | |
twiki | twiki | 4.1.2 | |
twiki | twiki | 4.2.0 | |
twiki | twiki | 4.2.1 | |
twiki | twiki | 4.2.2 | |
twiki | twiki | 2000-12-01 | |
twiki | twiki | 2001-09-01 | |
twiki | twiki | 2001-12-01 | |
twiki | twiki | 2003-02-01 | |
twiki | twiki | 2004-09-01 | |
twiki | twiki | 2004-09-02 | |
twiki | twiki | 2004-09-03 | |
twiki | twiki | 2004-09-04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "67914289-4064-45AD-9E75-362225F928AA", "versionEndIncluding": "4.2.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "41445C95-0309-4B90-B725-87D2FE87C9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9996E5B-36AD-407F-B3B6-839CE8E5913E", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "748325A4-A237-498A-A185-905FC921D2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "855671F5-C215-4382-B512-4ABD9D66F13D", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9C00515-CFEE-427A-BACE-B3140B0D6C67", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CF4F9B-7ADF-47A2-A556-10CCF7401DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*", "matchCriteriaId": 
"89599BC3-E1D8-4670-9321-F63A788096A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2001-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "354C8BA8-603D-4556-8C4C-39DEE4891719", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*", "matchCriteriaId": "23CC3B43-A77A-471E-A0ED-E91E53C2400C", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*", "matchCriteriaId": "374ADC0F-0EE2-4DEC-8A37-5F5F15C8137A", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*", "matchCriteriaId": "BEC5965A-BFC8-42B3-AF13-28E097381E84", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*", "matchCriteriaId": "C94AFFF9-5951-43A9-8018-B10C3F097CE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-03:*:*:*:*:*:*:*", "matchCriteriaId": "5F823DF7-B38E-4FBF-8D9A-C1B49FC237BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:2004-09-04:*:*:*:*:*:*:*", "matchCriteriaId": "FFA8E461-0CAA-4B44-8BCC-21CD8E1A6A41", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en TWiki anterior a v4.2.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de la variable %URLPARAM{}%." 
} ], "id": "CVE-2008-5304", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-12-10T00:30:00.267", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33040" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1021351" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/32669" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3381" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/33040" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1021351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/32669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3381" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47122" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-04 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
twiki | twiki | * | |
twiki | twiki | 5.1.0 | |
twiki | twiki | 5.1.1 | |
foswiki | foswiki | 1.0.0 | |
foswiki | foswiki | 1.0.1 | |
foswiki | foswiki | 1.0.2 | |
foswiki | foswiki | 1.0.3 | |
foswiki | foswiki | 1.0.4 | |
foswiki | foswiki | 1.0.10 | |
foswiki | foswiki | 1.1.0 | |
foswiki | foswiki | 1.1.1 | |
foswiki | foswiki | 1.1.2 | |
foswiki | foswiki | 1.1.3 | |
foswiki | foswiki | 1.1.4 | |
foswiki | foswiki | 1.1.5 | |
foswiki | foswiki | 1.1.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4D4B535-185E-4AE2-AFC1-212D520E859D", "versionEndIncluding": "5.1.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "07BBEFE6-5F18-4663-B324-1C2A9AE9DBEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7962DD6F-7915-4790-BA93-7019014BD8F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:foswiki:foswiki:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF0B6551-9ED0-4D32-A9DC-C1167550ECED", "vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9280019F-EBB1-476A-BF19-B9B2FA5F929B", "vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DBE5ADD0-893A-4E5E-AF4D-550562338FB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "46521E63-4714-4464-AA2F-91E3DC892389", "vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "711FE886-F31B-4931-92A5-739001A8EFBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "86B3A5FB-EF9D-443E-9626-00A0C157D779", "vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5C38025-5D6C-4862-879A-B6BB489AD9E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F126547D-222B-4671-93CF-4F8E0124DA8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA6EA3C8-6739-43D8-981D-D4A1799B5C9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9CE81899-0502-4BFB-91B6-D5E321817022", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "345AD50C-E933-4311-9925-798302D121AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "52934CA5-415D-4A65-9194-896012A1A2A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:foswiki:foswiki:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9DE21744-59DC-44C0-B33E-94942B1911DF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro." }, { "lang": "es", "value": "La funcionalidad de localizaci\u00f3n en TWiki anteriores a v5.1.3, y Foswiki v1.0.x hasta v1.0.10 y v1.1.x hasta v1.1.6, permite a atacantes remotos a provocar una denegaci\u00f3n de servicio (consumo de memoria)a trav\u00e9s de un entero largo en una macro %MAKETEXT%." 
} ], "id": "CVE-2012-6330", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-04T21:55:01.773", "references": [ { "source": "cve@mitre.org", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/56950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56950" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 04:01
Severity ?
Summary
bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Jan/7 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://twiki.org/cgi-bin/view/Codev/DownloadTWiki | Product, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Jan/7 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://twiki.org/cgi-bin/view/Codev/DownloadTWiki | Product, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "592A9955-E098-435C-A287-76F2E11E8011", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter." }, { "lang": "es", "value": "bin/statistics en TWiki 6.0.2 permite Cross-Site Scripting (XSS) mediante el par\u00e1metro webs." } ], "id": "CVE-2018-20212", "lastModified": "2024-11-21T04:01:05.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-21T16:00:35.187", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://seclists.org/fulldisclosure/2019/Jan/7" }, { "source": "cve@mitre.org", "tags": [ "Product", "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/151028/TWiki-6.0.2-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Jan/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/DownloadTWiki" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-20 18:02
Modified
2025-04-03 01:03
Severity ?
Summary
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user\u0027s login name with the WikiName of a member of the TWikiAdminGroup." }, { "lang": "es", "value": "TWiki 4.0.0, 4.0.1 y 4.0.2 permite a atacantes remotos obtener privielgios de administrador de Twiki a trav\u00e9s de un formulario TWiki.TWikiRegistration con un atributo de acci\u00f3n modificado que hace referencia a la Sandbox web en lugar de la user web, lo que puede ser utilizado para asociar el nombre de inicio de sesi\u00f3n de un usuario con el WikiName de un miembro de TWikiAdminGroup." 
} ], "evaluatorSolution": "Successful exploitation requires that the \"MapUserToWikiName\" setting is enabled.", "id": "CVE-2006-2942", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-20T18:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20596" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1016323" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/26623" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/18506" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2415" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], 
"url": "http://securitytracker.com/id?1016323" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/26623" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/18506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27336" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-1838)
Published
2011-05-20 22:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, scored by nvd@nist.gov)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
twiki | twiki | * (all versions up to and including 5.0.1) | |
twiki | twiki | 4.0.0 | |
twiki | twiki | 4.0.1 | |
twiki | twiki | 4.0.2 | |
twiki | twiki | 4.0.3 | |
twiki | twiki | 4.0.4 | |
twiki | twiki | 4.0.5 | |
twiki | twiki | 4.1.0 | |
twiki | twiki | 4.1.1 | |
twiki | twiki | 4.1.2 | |
twiki | twiki | 4.2.0 | |
twiki | twiki | 4.2.1 | |
twiki | twiki | 4.2.2 | |
twiki | twiki | 4.2.3 | |
twiki | twiki | 4.2.4 | |
twiki | twiki | 4.3.0 | |
twiki | twiki | 4.3.1 | |
twiki | twiki | 4.3.2 | |
twiki | twiki | 4.5.0 | |
twiki | twiki | 5.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DE5ACDB-2AEF-4EF1-BADD-657E550CFB5C", "versionEndIncluding": "5.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "41445C95-0309-4B90-B725-87D2FE87C9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9996E5B-36AD-407F-B3B6-839CE8E5913E", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "748325A4-A237-498A-A185-905FC921D2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "855671F5-C215-4382-B512-4ABD9D66F13D", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9C00515-CFEE-427A-BACE-B3140B0D6C67", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9CF4F9B-7ADF-47A2-A556-10CCF7401DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"81DDB420-E707-4319-8395-531FC0D84E5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D7A5A57-AE7D-4D3E-A280-41676F355AEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "710F8276-1147-4EAD-9C34-5F2FEE636F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD7698E4-32E0-4228-94C7-83E5E7CF83E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CBEFD95-CB78-4C25-BB41-EB96C780F2F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F86AFE25-8C05-4F08-A7C1-3850EE930A86", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7FBAAC5C-F240-4292-98C3-79D9C23FC021", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en TemplateLogin.pm en TWiki antes de v5.0.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"origurl\" hacia una secuencia de comandos de (1) vista o (2) login." 
} ], "id": "CVE-2011-1838", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-05-20T22:55:05.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44594" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8257" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1025542" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/518038/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47899" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/1258" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44594" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025542" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-1838" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.mavitunasecurity.com/XSS-vulnerability-in-Twiki/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/518038/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47899" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/1258" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2006-1386)
Published
2006-03-26 22:02
Modified
2025-04-03 01:03
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, scored by nvd@nist.gov)
Summary
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0E0A8F3-02EE-4A6D-BAAC-1D52DF063197", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics." } ], "id": "CVE-2006-1386", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-26T22:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19410" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015843" }, { "source": "cve@mitre.org", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17268" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1116" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19410" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015843" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25444" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-3010)
Published
2011-09-30 10:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, scored by nvd@nist.gov)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
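twiki | twiki | * (up to and including 5.0.1 in the CPE data; the summary gives the affected range as all versions before 5.1.0, so CPE-based matching may miss releases between 5.0.1 and 5.1.0) | |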
twiki | twiki | 4.0 | |
twiki | twiki | 4.0.0 | |
twiki | twiki | 4.0.1 | |
twiki | twiki | 4.0.2 | |
twiki | twiki | 4.0.3 | |
twiki | twiki | 4.0.4 | |
twiki | twiki | 4.0.5 | |
twiki | twiki | 4.1.0 | |
twiki | twiki | 4.1.1 | |
twiki | twiki | 4.1.2 | |
twiki | twiki | 4.2.0 | |
twiki | twiki | 4.2.1 | |
twiki | twiki | 4.2.2 | |
twiki | twiki | 4.2.3 | |
twiki | twiki | 4.2.4 | |
twiki | twiki | 4.3.0 | |
twiki | twiki | 4.3.2 | |
twiki | twiki | 4.5.0 | |
twiki | twiki | 5.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:twiki:twiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DE5ACDB-2AEF-4EF1-BADD-657E550CFB5C", "versionEndIncluding": "5.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0E0A8F3-02EE-4A6D-BAAC-1D52DF063197", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0804FF93-6554-4F56-9974-017198ED5F44", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "41445C95-0309-4B90-B725-87D2FE87C9A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9996E5B-36AD-407F-B3B6-839CE8E5913E", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "748325A4-A237-498A-A185-905FC921D2A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FE3EEC6-7E05-4A37-97AA-D73E7D7A0E01", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "855671F5-C215-4382-B512-4ABD9D66F13D", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9C00515-CFEE-427A-BACE-B3140B0D6C67", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"E9CF4F9B-7ADF-47A2-A556-10CCF7401DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "81DDB420-E707-4319-8395-531FC0D84E5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D7A5A57-AE7D-4D3E-A280-41676F355AEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "710F8276-1147-4EAD-9C34-5F2FEE636F8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CBEFD95-CB78-4C25-BB41-EB96C780F2F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "F86AFE25-8C05-4F08-A7C1-3850EE930A86", "vulnerable": true }, { "criteria": "cpe:2.3:a:twiki:twiki:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7FBAAC5C-F240-4292-98C3-79D9C23FC021", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en TWiki antes de v5.1.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) el par\u00e1metro newtopic en una acci\u00f3n WebCreateNewTopic, relacionado con TWiki.WebCreateNewTopicTemplate; o (2) la cadena de consulta a SlideShow.pm en el SlideShadowPlugin." 
} ], "id": "CVE-2011-3010", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-09-30T10:55:04.163", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html" }, { "source": "cve@mitre.org", "url": "http://develop.twiki.org/trac/changeset/21920" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/46123" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1026091" }, { "source": "cve@mitre.org", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010" }, { "source": "cve@mitre.org", "url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/75673" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/75674" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/49746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://develop.twiki.org/trac/changeset/21920" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1026091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/75673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/75674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49746" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }