VuXML ID | Description |
7580f00e-280c-11e0-b7c8-00215c6a37bb | dokuwiki -- multiple privilege escalation vulnerabilities
Dokuwiki reports:
This security update fixes problems in the XMLRPC
interface where ACLs where not checked correctly
sometimes, making it possible to access and write
information that should not have been accessible/writable.
This only affects users who have enabled the XMLRPC
interface (default is off) and have enabled XMLRPC
access for users who can't access/write all content
anyway (default is nobody, see http://www.dokuwiki.org/config:xmlrpcuser
for details).
This update also includes a fix for a problem in
the general ACL checking function that could be exploited
to gain access to restricted pages and media files in rare
conditions (when you had rights for an id you could get
the same rights on ids where one character has been
replaced by a ".").
Discovery 2011-01-16 Entry 2011-01-24 dokuwiki
< 20101107a
http://bugs.dokuwiki.org/index.php?do=details&task_id=2136
|
fcba5764-506a-11db-a5ae-00508d6a62df | dokuwiki -- multiple vulnerabilities
Secunia reports:
rgod has discovered a vulnerability in DokuWiki, which can
be exploited by malicious people to compromise a vulnerable
system.
Input passed to the "TARGET_FN" parameter in
bin/dwpage.php is not properly sanitised before being used
to copy files. This can be exploited via directory
traversal attacks in combination with DokuWiki's file
upload feature to execute arbitrary PHP code.
CVE Mitre reports:
Direct static code injection vulnerability in doku.php in
DokuWiki before 2006-03-09c allows remote attackers to
execute arbitrary PHP code via the X-FORWARDED-FOR HTTP
header, which is stored in config.php.
Unrestricted file upload vulnerability in
lib/exe/media.php in DokuWiki before 2006-03-09c allows
remote attackers to upload executable files into the
data/media folder via unspecified vectors.
DokuWiki before 2006-03-09c enables the debug feature by
default, which allows remote attackers to obtain sensitive
information by calling doku.php with the X-DOKUWIKI-DO HTTP
header set to "debug".
Discovery 2006-09-08 Entry 2006-09-30 Modified 2006-10-02 dokuwiki
< 20060309c
dokuwiki-devel
< 20060909
19911
CVE-2006-4674
CVE-2006-4675
CVE-2006-4679
http://secunia.com/advisories/21819/
http://bugs.splitbrain.org/index.php?do=details&id=906
|
0b535cd0-9b90-11e0-800a-00215c6a37bb | Dokuwiki -- cross site scripting vulnerability
Dokuwiki reports:
We just released a Hotfix Release "2011-05-25a Rincewind".
It contains the following changes:
Security fix for a Cross Site Scripting vulnerability.
Malicious users could abuse DokuWiki's RSS embedding mechanism
to create links containing arbitrary JavaScript. Note: this
security problem is present in at least Anteater and Rincewind
but probably in older releases as well.
Discovery 2011-06-14 Entry 2011-06-20 dokuwiki
< 20110525a
http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind
|
2fe4b57f-d110-11e1-ac76-10bf48230856 | Dokuwiki -- cross site scripting vulnerability
Secunia Research reports:
Secunia Research has discovered a vulnerability in DokuWiki, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the "ns" POST parameter in lib/exe/ajax.php (when "call"
is set to "medialist" and "do" is set to "media") is not properly
sanitised within the "tpl_mediaFileList()" function in inc/template.php
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site.
Discovery 2012-07-13 Entry 2012-07-18 dokuwiki
< 20120125_2
http://secunia.com/advisories/49196/
CVE-2012-0283
|
450b76ee-5068-11db-a5ae-00508d6a62df | dokuwiki -- multiple vulnerabilities
Secunia reports:
Some vulnerabilities have been reported in DokuWiki, which
can be exploited by malicious people to cause a DoS (Denial
of Service) or potentially compromise a vulnerable system.
Input passed to the "w" and "h" parameters in
lib/exec/fetch.php is not properly sanitised before being
passed as resize parameters to the "convert" application.
This can be exploited to cause a DoS due to excessive CPU
and memory consumption by passing very large numbers, or to
inject arbitrary shell commands by passing specially
crafted strings to the "w" and "h" parameter.
Successful exploitation requires that the
"$conf[imconvert]" option is set.
Discovery 2006-09-26 Entry 2006-09-30 Modified 2006-10-02 dokuwiki
< 20060309_5
dokuwiki-devel
< 20060609_2
CVE-2006-5098
CVE-2006-5099
http://secunia.com/advisories/22192/
http://secunia.com/advisories/22199/
http://bugs.splitbrain.org/?do=details&id=924
http://bugs.splitbrain.org/?do=details&id=926
|
4f838b74-50a1-11de-b01f-001c2514716c | dokuwiki -- Local File Inclusion with register_globals on
DokuWiki reports:
A security hole was discovered which allows an attacker
to include arbitrary files located on the attacked DokuWiki
installation. The included file is executed in the PHP context.
This can be escalated by introducing malicious code through
uploading file via the media manager or placing PHP code in
editable pages.
Discovery 2009-05-26 Entry 2009-06-04 Modified 2010-05-02 dokuwiki
< 20090214_2
dokuwiki-devel
gt 0
CVE-2009-1960
http://bugs.splitbrain.org/index.php?do=details&task_id=1700
|
cddde37a-39b5-11dc-b3da-001921ab2fa4 | dokuwiki -- XSS vulnerability in spellchecker backend
DokuWiki reports:
The spellchecker tests the UTF-8 capabilities of the used browser
by sending an UTF-8 string to the backend, which will send it back
unfiltered. By comparing string length the spellchecker can work
around broken implementations. An attacker could construct a form to
let users send JavaScript to the spellchecker backend, resulting in
malicious JavaScript being executed in their browser.
Affected are all versions up to and including 2007-06-26 even when
the spell checker is disabled.
Discovery 2007-06-26 Entry 2007-07-24 dokuwiki
< 20070626_1
dokuwiki-devel
< 20070524_1
http://xforce.iss.net/xforce/xfdb/35501
CVE-2007-3930
|
848539dc-0458-11df-8dd7-002170daae37 | dokuwiki -- multiple vulnerabilities
Dokuwiki reports:
The plugin does no checks against cross-site request
forgeries (CSRF) which can be exploited to e.g. change
the access control rules by tricking a logged in
administrator into visiting a malicious web site.
The bug allows listing the names of arbitrary file on
the webserver - not their contents. This could leak
private information about wiki pages and server structure.
Discovery 2010-01-17 Entry 2010-01-18 Modified 2010-05-02 dokuwiki
< 20091225_2
CVE-2010-0288
CVE-2010-0287
CVE-2010-0289
http://bugs.splitbrain.org/index.php?do=details&task_id=1847
http://bugs.splitbrain.org/index.php?do=details&task_id=1853
|
a04247f1-8d9c-11e1-93c7-00215c6a37bb | Dokuwiki -- cross site scripting vulnerability
Andy Webber reports:
Add User appears to be vulnerable to Cross Site Request Forgery (CSRF/XSRF).
Discovery 2012-04-17 Entry 2012-04-23 dokuwiki
< 20120125_1
CVE-2012-2128
CVE-2012-2129
|
23573650-f99a-11da-994e-00142a5f241c | dokuwiki -- multiple vulnerabilities
Multiple vulnerabilities have been reported within dokuwiki.
dokuwiki is proven vulnerable to:
- arbitrary PHP code insertion via spellcheck module,
- XSS attack via "Update your account profile,"
- bypassing of ACL controls when enabled.
Discovery 2006-05-31 Entry 2006-06-11 Modified 2006-06-12 dokuwiki
< 20060309_2
http://bugs.splitbrain.org/index.php?do=details&id=820
http://bugs.splitbrain.org/index.php?do=details&id=823
http://bugs.splitbrain.org/index.php?do=details&id=825
|
af8dba15-f4cc-11da-87a1-000c6ec775d9 | dokuwiki -- spellchecker remote PHP code execution
Stefan Esser reports:
During the evaluation of DokuWiki for a german/korean
wiki of mine a flaw in DokuWiki's spellchecker was
discovered, that allows injecting arbitrary PHP commands,
by requesting a spellcheck on PHP commands in 'complex
curly syntax'.
Because the spellchecker is written as part of the AJAX
functionality of DokuWiki, it can be directly called by
any website visitor, without the need for a wiki
account.
Discovery 2006-06-05 Entry 2006-06-05 dokuwiki
< 20060309_1
http://www.hardened-php.net/advisory_042006.119.html
http://bugs.splitbrain.org/index.php?do=details&id=823
http://secunia.com/advisories/20429/
|