ID OPENVAS:136141256231064004 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2018-04-06T00:00:00
Description
The remote host is missing an update to the system
as announced in the referenced advisory.
#
#VID bfe218a5-4218-11de-b67a-0030843d3802
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from VID bfe218a5-4218-11de-b67a-0030843d3802
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Shared helper library, loaded before the metadata strings are defined.
# NOTE(review): revcomp(), used by the version check later in this script,
# is presumably provided by this include -- confirm against the library.
include("revisions-lib.inc");
# Text registered below as the "insight" tag: the affected package name and
# the description of CVE-2009-1482 (XSS in action/AttachFile.py).
# CVE-2009-0260 is named here only as a contrast ("different vectors than");
# it is not passed to script_cve_id() and is not what this check reports.
tag_insight = "The following package is affected: moinmoin
CVE-2009-1482
Multiple cross-site scripting (XSS) vulnerabilities in
action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote
attackers to inject arbitrary web script or HTML via (1) an AttachFile
sub-action in the error_msg function or (2) multiple vectors related
to package file errors in the upload_form function, different vectors
than CVE-2009-0260.";
# Text registered below as the "solution" tag: generic remediation wording
# followed by the advisory reference URLs. The text does not state a fixed
# version; the only version in this script is the "1.8.3" threshold used by
# the check itself.
tag_solution = "Update your system with the appropriate patches or
software upgrades.
http://secunia.com/advisories/34821/
http://moinmo.in/SecurityFixes
http://www.vuxml.org/freebsd/bfe218a5-4218-11de-b67a-0030843d3802.html";
# Text registered below as the "summary" tag.
# NOTE(review): this wording is generic -- it names neither the package nor
# the CVE, so a reader has to consult the insight text to learn what is
# actually being flagged.
tag_summary = "The remote host is missing an update to the system
as announced in the referenced advisory.";
# Metadata registration branch. `description` is not assigned anywhere in
# this script; presumably the scanner sets it while loading plugin metadata
# -- confirm. The branch only registers names/tags and then exits, so no
# host check runs when it is taken.
if (description) {
  # Identity and revision bookkeeping for this check.
  script_oid("1.3.6.1.4.1.25623.1.0.64004");
  script_version("$Revision: 9350 $");
  script_tag(name:"last_modification", value:"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $");
  script_tag(name:"creation_date", value:"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)");

  # Only CVE-2009-1482 is registered. CVE-2009-0260 appears in tag_insight
  # solely as the "different vectors than" contrast, so tooling that derives
  # a CVE list from the free text will over-attribute this check.
  script_cve_id("CVE-2009-1482");

  # Score and vector use the CVSS v2 notation (note the "Au:" metric).
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_name("FreeBSD Ports: moinmoin");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
  script_family("FreeBSD Local Security Checks");

  # Prerequisites: the package-list gatherer must be scheduled first and both
  # keys must be present. NOTE(review): the key names suggest a successful
  # SSH login to a FreeBSD host is required, i.e. this is an authenticated
  # local check -- confirm against gather-package-list.nasl.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/freebsdrel", "login/SSH/success");

  # Human-readable texts defined at the top of the script.
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);

  # The result is declared as a package-based detection with a vendor fix as
  # the remediation type.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
#
# The script code starts here
#
# Package helpers for the check below. NOTE(review): portver() and the
# __pkg_match variable are not defined in this script and presumably come
# from this include -- confirm.
include("pkg-lib-bsd.inc");

report = "";
is_vuln = 0;

# Look up the installed moinmoin port. A NULL result skips the comparison
# entirely; presumably NULL means the port is not in the collected package
# list -- confirm against portver().
port_ver = portver(pkg:"moinmoin");
if (!isnull(port_ver)) {
  # A negative revcomp() result is treated as "installed version is older
  # than 1.8.3". This is a version-string comparison only: the MoinMoin web
  # application itself is never contacted, so the finding reflects the
  # recorded package version rather than observed behaviour.
  if (revcomp(a:port_ver, b:"1.8.3") < 0) {
    report = report + 'Package moinmoin version ' + port_ver + ' is installed which is known to be vulnerable.\n';
    is_vuln = 1;
  }
}

if (is_vuln) {
  security_message(data:string(report));
} else {
  # __pkg_match is never assigned here; presumably the package library sets
  # it when the queried port was found -- confirm. When it is unset the
  # script ends without reporting either outcome.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
}
{"id": "OPENVAS:136141256231064004", "type": "openvas", "bulletinFamily": "scanner", "title": "FreeBSD Ports: moinmoin", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2009-05-20T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064004", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2009-1482", "CVE-2009-0260"], "lastseen": "2018-04-06T11:39:47", "viewCount": 1, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2018-04-06T11:39:47", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0260", "CVE-2009-1482"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231063956", "OPENVAS:64004", "OPENVAS:63311", "OPENVAS:64008", "OPENVAS:63956", "OPENVAS:136141256231064410", "OPENVAS:63301", "OPENVAS:136141256231063301", "OPENVAS:136141256231063311", "OPENVAS:136141256231064008"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_6A523DBAEEAB11DDAB4F0030843D3802.NASL", "UBUNTU_USN-774-1.NASL", "DEBIAN_DSA-1791.NASL", "FEDORA_2009-3845.NASL", "FREEBSD_PKG_BFE218A5421811DEB67A0030843D3802.NASL", "FREEBSD_PKG_FC4D0AE83FA311DEA3FD0030843D3802.NASL", "FEDORA_2009-3868.NASL", "UBUNTU_USN-716-1.NASL", "DEBIAN_DSA-1715.NASL"]}, {"type": "ubuntu", "idList": ["USN-774-1", "USN-716-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:32746"]}, {"type": "freebsd", "idList": ["FC4D0AE8-3FA3-11DE-A3FD-0030843D3802", "6A523DBA-EEAB-11DD-AB4F-0030843D3802", "BFE218A5-4218-11DE-B67A-0030843D3802"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1715-1:0EDF4", "DEBIAN:DSA-1791-1:9DB18"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21261", "SECURITYVULNS:VULN:9634"]}], "modified": "2018-04-06T11:39:47", "rev": 2}, "vulnersScore": 6.2}, "pluginID": 
"136141256231064004", "sourceData": "#\n#VID bfe218a5-4218-11de-b67a-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID bfe218a5-4218-11de-b67a-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: moinmoin\n\nCVE-2009-1482\nMultiple cross-site scripting (XSS) vulnerabilities in\naction/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote\nattackers to inject arbitrary web script or HTML via (1) an AttachFile\nsub-action in the error_msg function or (2) multiple vectors related\nto package file errors in the upload_form function, different vectors\nthan CVE-2009-0260.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/34821/\nhttp://moinmo.in/SecurityFixes\nhttp://www.vuxml.org/freebsd/bfe218a5-4218-11de-b67a-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n 
script_oid(\"1.3.6.1.4.1.25623.1.0.64004\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-1482\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: moinmoin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"moinmoin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.3\")<0) {\n txt += 'Package moinmoin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "FreeBSD Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:39:58", "description": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).", "edition": 6, "cvss3": {}, "published": "2009-01-23T19:00:00", "title": "CVE-2009-0260", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0260"], "modified": "2018-10-11T21:01:00", "cpe": ["cpe:/a:moinmoin:moinmoin:1.2", "cpe:/a:moinmoin:moinmoin:1.5.5_rc1", "cpe:/a:moinmoin:moinmoin:1.5.8", "cpe:/a:moinmoin:moinmoin:0.10", "cpe:/a:moinmoin:moinmoin:1.5.2", "cpe:/a:moinmoin:moinmoin:1.2.2", "cpe:/a:moinmoin:moinmoin:0.7", "cpe:/a:moinmoin:moinmoin:1.5.3_rc2", "cpe:/a:moinmoin:moinmoin:1.5.0", "cpe:/a:moinmoin:moinmoin:1.6.0", "cpe:/a:moinmoin:moinmoin:0.1", "cpe:/a:moinmoin:moinmoin:1.6.2", "cpe:/a:moinmoin:moinmoin:1.7.2", "cpe:/a:moinmoin:moinmoin:1.5.5a", "cpe:/a:moinmoin:moinmoin:1.2.1", "cpe:/a:moinmoin:moinmoin:1.7.1", "cpe:/a:moinmoin:moinmoin:1.5.5", "cpe:/a:moinmoin:moinmoin:1.5.6", "cpe:/a:moinmoin:moinmoin:1.6", "cpe:/a:moinmoin:moinmoin:0.3", "cpe:/a:moinmoin:moinmoin:1.1", "cpe:/a:moinmoin:moinmoin:1.5.4", "cpe:/a:moinmoin:moinmoin:1.6.1", "cpe:/a:moinmoin:moinmoin:0.2", "cpe:/a:moinmoin:moinmoin:1.5.3_rc1", "cpe:/a:moinmoin:moinmoin:1.7.3", "cpe:/a:moinmoin:moinmoin:0.8", 
"cpe:/a:moinmoin:moinmoin:0.9", "cpe:/a:moinmoin:moinmoin:1.6.3", "cpe:/a:moinmoin:moinmoin:1.5.7", "cpe:/a:moinmoin:moinmoin:1.7.0", "cpe:/a:moinmoin:moinmoin:1.8.0", "cpe:/a:moinmoin:moinmoin:1.5.3", "cpe:/a:moinmoin:moinmoin:1.0", "cpe:/a:moinmoin:moinmoin:1.5.1", "cpe:/a:moinmoin:moinmoin:0.11"], "id": "CVE-2009-0260", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0260", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:40:01", "description": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.", "edition": 6, "cvss3": {}, "published": "2009-04-29T18:30:00", "title": "CVE-2009-1482", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1482"], "modified": "2017-08-17T01:30:00", "cpe": ["cpe:/a:moinmoin:moinmoin:1.2", "cpe:/a:moinmoin:moinmoin:1.5.5_rc1", "cpe:/a:moinmoin:moinmoin:1.5.8", "cpe:/a:moinmoin:moinmoin:0.10", "cpe:/a:moinmoin:moinmoin:1.5.2", "cpe:/a:moinmoin:moinmoin:1.2.2", "cpe:/a:moinmoin:moinmoin:0.7", "cpe:/a:moinmoin:moinmoin:1.5.3_rc2", "cpe:/a:moinmoin:moinmoin:1.5.0", "cpe:/a:moinmoin:moinmoin:1.6.0", "cpe:/a:moinmoin:moinmoin:0.1", "cpe:/a:moinmoin:moinmoin:1.6.2", "cpe:/a:moinmoin:moinmoin:1.7.2", "cpe:/a:moinmoin:moinmoin:1.5.5a", "cpe:/a:moinmoin:moinmoin:1.2.1", "cpe:/a:moinmoin:moinmoin:1.7.1", "cpe:/a:moinmoin:moinmoin:1.8.2", 
"cpe:/a:moinmoin:moinmoin:1.5.5", "cpe:/a:moinmoin:moinmoin:1.7", "cpe:/a:moinmoin:moinmoin:1.8.1", "cpe:/a:moinmoin:moinmoin:1.5.6", "cpe:/a:moinmoin:moinmoin:1.6", "cpe:/a:moinmoin:moinmoin:0.3", "cpe:/a:moinmoin:moinmoin:1.1", "cpe:/a:moinmoin:moinmoin:1.5.4", "cpe:/a:moinmo:moinmoin:1.6.1", "cpe:/a:moinmoin:moinmoin:1.6.1", "cpe:/a:moinmoin:moinmoin:0.2", "cpe:/a:moinmoin:moinmoin:1.5.3_rc1", "cpe:/a:moinmoin:moinmoin:1.7.3", "cpe:/a:moinmoin:moinmoin:0.8", "cpe:/a:moinmoin:moinmoin:0.9", "cpe:/a:moinmoin:moinmoin:1.6.3", "cpe:/a:moinmoin:moinmoin:1.5.7", "cpe:/a:moinmoin:moinmoin:1.7.0", "cpe:/a:moinmoin:moinmoin:1.8.0", "cpe:/a:moinmoin:moinmoin:1.5.3", "cpe:/a:moinmoin:moinmoin:1.0", "cpe:/a:moinmoin:moinmoin:1.5.1", "cpe:/a:moinmoin:moinmoin:0.11"], "id": "CVE-2009-1482", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1482", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:moinmoin:moinmoin:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.7:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*", "cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:14:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1482", "CVE-2009-0260"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-05-20T00:00:00", "id": "OPENVAS:64004", "href": "http://plugins.openvas.org/nasl.php?oid=64004", "type": "openvas", "title": "FreeBSD Ports: moinmoin", "sourceData": "#\n#VID bfe218a5-4218-11de-b67a-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID bfe218a5-4218-11de-b67a-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: moinmoin\n\nCVE-2009-1482\nMultiple cross-site scripting (XSS) vulnerabilities in\naction/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote\nattackers to inject arbitrary web script or HTML via (1) an AttachFile\nsub-action in the error_msg function or (2) multiple vectors related\nto package file errors in the upload_form function, different vectors\nthan CVE-2009-0260.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/34821/\nhttp://moinmo.in/SecurityFixes\nhttp://www.vuxml.org/freebsd/bfe218a5-4218-11de-b67a-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64004);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-1482\");\n script_tag(name:\"cvss_base\", 
value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: moinmoin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"moinmoin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.3\")<0) {\n txt += 'Package moinmoin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1482"], "description": "The remote host is missing an update to moin\nannounced via advisory DSA 1791-1.", "modified": "2018-04-06T00:00:00", "published": "2009-05-11T00:00:00", "id": "OPENVAS:136141256231063956", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063956", "type": "openvas", "title": "Debian Security Advisory DSA 1791-1 (moin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1791_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1791-1 (moin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the AttachFile action in moin, a python clone of\nWikiWiki, is prone to cross-site scripting attacks when renaming\nattachements or performing other sub-actions.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.7.1-3+lenny2.\n\nThe oldstable distribution (etch) is not vulnerable.\n\nFor the testing (squeeze) distribution and the unstable distribution\n(sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your moin packages.\";\ntag_summary = \"The remote host is missing an update to moin\nannounced via advisory DSA 1791-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201791-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63956\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2009-1482\");\n 
script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1791-1 (moin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python-moinmoin\", ver:\"1.7.1-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1482"], "description": "The remote host is missing an update to moin\nannounced via advisory DSA 1791-1.", "modified": "2017-07-07T00:00:00", "published": "2009-05-11T00:00:00", "id": "OPENVAS:63956", "href": "http://plugins.openvas.org/nasl.php?oid=63956", "type": "openvas", "title": "Debian Security Advisory DSA 1791-1 (moin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1791_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1791-1 (moin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the AttachFile action in moin, a python clone of\nWikiWiki, is prone to cross-site scripting attacks when renaming\nattachements or performing other sub-actions.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.7.1-3+lenny2.\n\nThe oldstable distribution (etch) is not vulnerable.\n\nFor the testing (squeeze) distribution and the unstable distribution\n(sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your moin packages.\";\ntag_summary = \"The remote host is missing an update to moin\nannounced via advisory DSA 1791-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201791-1\";\n\n\nif(description)\n{\n script_id(63956);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2009-1482\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1791-1 (moin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python-moinmoin\", ver:\"1.7.1-3+lenny2\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "description": "The remote host is missing an update to moin\nannounced via advisory DSA 1715-1.", "modified": "2018-04-06T00:00:00", "published": "2009-02-02T00:00:00", "id": "OPENVAS:136141256231063301", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063301", "type": "openvas", "title": "Debian Security Advisory DSA 1715-1 (moin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1715_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1715-1 (moin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the AttachFile action in moin, a python clone of\nWikiWiki, is prone to cross-site scripting attacks (CVE-2009-0260).\nAnother cross-site scripting vulnerability was discovered in the\nantispam feature (CVE-2009-0312).\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.5.3-1.2etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.7.1-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.1-1.1.\n\nWe recommend that you upgrade your moin packages.\";\ntag_summary = \"The remote host is missing an update to moin\nannounced via advisory DSA 1715-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201715-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63301\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 
Feb 2009)\");\n script_cve_id(\"CVE-2009-0260\", \"CVE-2009-0312\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1715-1 (moin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python-moinmoin\", ver:\"1.5.3-1.2etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"moinmoin-common\", ver:\"1.5.3-1.2etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-05-20T00:00:00", "id": "OPENVAS:136141256231064008", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064008", "type": "openvas", "title": "FreeBSD Ports: moinmoin", "sourceData": "#\n#VID fc4d0ae8-3fa3-11de-a3fd-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto 
generated from VID fc4d0ae8-3fa3-11de-a3fd-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: moinmoin\n\nCVE-2009-0260\nMultiple cross-site scripting (XSS) vulnerabilities in\naction/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers\nto inject arbitrary web script or HTML via an AttachFile action to the\nWikiSandBox component with (1) the rename parameter or (2) the drawing\nparameter (aka the basename variable).\n\nCVE-2009-0312\nCross-site scripting (XSS) vulnerability in the antispam feature\n(security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote\nattackers to inject arbitrary web script or HTML via crafted,\ndisallowed content.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://moinmo.in/SecurityFixes\nhttp://secunia.com/advisories/33593\nhttp://www.vuxml.org/freebsd/fc4d0ae8-3fa3-11de-a3fd-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced 
advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64008\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0260\", \"CVE-2009-0312\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: moinmoin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"moinmoin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.2\")<0) {\n txt += 'Package moinmoin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "description": "The remote host is missing an update to moin\nannounced via advisory DSA 1715-1.", "modified": "2017-07-07T00:00:00", "published": "2009-02-02T00:00:00", "id": "OPENVAS:63301", "href": 
"http://plugins.openvas.org/nasl.php?oid=63301", "type": "openvas", "title": "Debian Security Advisory DSA 1715-1 (moin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1715_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1715-1 (moin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that the AttachFile action in moin, a python clone of\nWikiWiki, is prone to cross-site scripting attacks (CVE-2009-0260).\nAnother cross-site scripting vulnerability was discovered in the\nantispam feature (CVE-2009-0312).\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.5.3-1.2etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.7.1-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.1-1.1.\n\nWe recommend that you upgrade your moin packages.\";\ntag_summary = \"The remote host is missing an update to moin\nannounced via advisory DSA 
1715-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201715-1\";\n\n\nif(description)\n{\n script_id(63301);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 Feb 2009)\");\n script_cve_id(\"CVE-2009-0260\", \"CVE-2009-0312\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1715-1 (moin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python-moinmoin\", ver:\"1.5.3-1.2etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"moinmoin-common\", ver:\"1.5.3-1.2etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:13:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "description": "The remote host is missing an update to the system\nas announced in the 
referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-05-20T00:00:00", "id": "OPENVAS:64008", "href": "http://plugins.openvas.org/nasl.php?oid=64008", "type": "openvas", "title": "FreeBSD Ports: moinmoin", "sourceData": "#\n#VID fc4d0ae8-3fa3-11de-a3fd-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID fc4d0ae8-3fa3-11de-a3fd-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: moinmoin\n\nCVE-2009-0260\nMultiple cross-site scripting (XSS) vulnerabilities in\naction/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers\nto inject arbitrary web script or HTML via an AttachFile action to the\nWikiSandBox component with (1) the rename parameter or (2) the drawing\nparameter (aka the basename variable).\n\nCVE-2009-0312\nCross-site scripting (XSS) vulnerability in the antispam feature\n(security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote\nattackers to inject arbitrary web script or HTML via crafted,\ndisallowed content.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://moinmo.in/SecurityFixes\nhttp://secunia.com/advisories/33593\nhttp://www.vuxml.org/freebsd/fc4d0ae8-3fa3-11de-a3fd-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64008);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0260\", \"CVE-2009-0312\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: moinmoin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"moinmoin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.2\")<0) {\n txt += 'Package moinmoin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:40:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-02-02T00:00:00", "id": "OPENVAS:136141256231063311", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063311", "type": "openvas", "title": "FreeBSD Ports: moinmoin", "sourceData": "#\n#VID 6a523dba-eeab-11dd-ab4f-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 6a523dba-eeab-11dd-ab4f-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: moinmoin\n\nCVE-2009-0260\nMultiple cross-site scripting (XSS) vulnerabilities in\naction/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers\nto inject arbitrary web script or HTML via an AttachFile action to the\nWikiSandBox component with (1) the rename parameter or (2) the drawing\nparameter (aka the basename variable).\n\nCVE-2009-0312\nCross-site scripting (XSS) vulnerability in the antispam feature\n(security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote\nattackers to inject arbitrary web script or HTML via crafted,\ndisallowed content.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/33593/\nhttp://hg.moinmo.in/moin/1.8/file/c76d50dac855\nhttp://hg.moinmo.in/moin/1.8/rev/89b91bf87dad\nhttp://moinmo.in/SecurityFixes#moin1.8.1\nhttp://www.vuxml.org/freebsd/6a523dba-eeab-11dd-ab4f-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63311\");\n 
script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 Feb 2009)\");\n script_cve_id(\"CVE-2009-0260\", \"CVE-2009-0312\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: moinmoin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"moinmoin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.1\")<0) {\n txt += 'Package moinmoin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:14:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-23T00:00:00", "published": "2009-02-02T00:00:00", "id": "OPENVAS:63311", "href": "http://plugins.openvas.org/nasl.php?oid=63311", "type": "openvas", "title": "FreeBSD Ports: 
moinmoin", "sourceData": "#\n#VID 6a523dba-eeab-11dd-ab4f-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 6a523dba-eeab-11dd-ab4f-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: moinmoin\n\nCVE-2009-0260\nMultiple cross-site scripting (XSS) vulnerabilities in\naction/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers\nto inject arbitrary web script or HTML via an AttachFile action to the\nWikiSandBox component with (1) the rename parameter or (2) the drawing\nparameter (aka the basename variable).\n\nCVE-2009-0312\nCross-site scripting (XSS) vulnerability in the antispam feature\n(security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote\nattackers to inject arbitrary web script or HTML via crafted,\ndisallowed content.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware 
upgrades.\n\nhttp://secunia.com/advisories/33593/\nhttp://hg.moinmo.in/moin/1.8/file/c76d50dac855\nhttp://hg.moinmo.in/moin/1.8/rev/89b91bf87dad\nhttp://moinmo.in/SecurityFixes#moin1.8.1\nhttp://www.vuxml.org/freebsd/6a523dba-eeab-11dd-ab4f-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63311);\n script_version(\"$Revision: 4847 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-02 23:28:24 +0100 (Mon, 02 Feb 2009)\");\n script_cve_id(\"CVE-2009-0260\", \"CVE-2009-0312\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: moinmoin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"moinmoin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8.1\")<0) {\n txt += 'Package moinmoin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3381", "CVE-2009-0312", "CVE-2008-0781", "CVE-2009-0260"], "description": "The remote host is missing an update to moin\nannounced via advisory FEDORA-2009-3845.", "modified": "2017-07-10T00:00:00", "published": "2009-04-28T00:00:00", "id": "OPENVAS:63880", "href": "http://plugins.openvas.org/nasl.php?oid=63880", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-3845 (moin)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3845.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3845 (moin)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate moin to 1.6.4. Fix the following CVEs: CVE-2008-0781 (again),\nCVE-2008-3381, CVE-2009-0260, CVE-2009-0312. 
Fix AttachFile escaping problems,\nupstream 1.7 changeset 5f51246a4df1 backported.\nChangeLog:\n\n* Mon Apr 20 2009 Ville-Pekka Vainio 1.6.4-1\n- Update to 1.6.4\n- CVE-2008-3381 fixed upstream\n- Re-fix CVE-2008-0781, upstream seems to have dropped the fix in 1.6,\nused part of upstream 1.5 db212dfc58ef, backported upstream 1.7 5f51246a4df1\nand 269a1fbc3ed7\n- Fix CVE-2009-0260, patch from Debian etch\n- Fix CVE-2009-0312\n- Fix AttachFile escaping problems, backported upstream 1.7 5c4043e651b3\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moin' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3845\";\ntag_summary = \"The remote host is missing an update to moin\nannounced via advisory FEDORA-2009-3845.\";\n\n\n\nif(description)\n{\n script_id(63880);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2008-0781\", \"CVE-2008-3381\", \"CVE-2009-0260\", \"CVE-2009-0312\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 9 FEDORA-2009-3845 (moin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=457362\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=481547\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=432748\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=482791\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moin\", rpm:\"moin~1.6.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2020-07-08T23:36:33", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1482"], "description": "It was discovered that MoinMoin did not properly sanitize its input when \nattaching files, resulting in cross-site scripting (XSS) vulnerabilities. 
\nWith cross-site scripting vulnerabilities, if a user were tricked into \nviewing server output during a crafted server request, a remote attacker \ncould exploit this to modify the contents, or steal confidential data, \nwithin the same domain.", "edition": 5, "modified": "2009-05-11T00:00:00", "published": "2009-05-11T00:00:00", "id": "USN-774-1", "href": "https://ubuntu.com/security/notices/USN-774-1", "title": "MoinMoin vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-09T00:28:59", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0780", "CVE-2008-1099", "CVE-2008-1098", "CVE-2008-0782", "CVE-2009-0312", "CVE-2008-0781", "CVE-2009-0260"], "description": "Fernando Quintero discovered that MoinMoin did not properly sanitize its \ninput when processing login requests, resulting in cross-site scripting (XSS) \nvulnerabilities. With cross-site scripting vulnerabilities, if a user were \ntricked into viewing server output during a crafted server request, a remote \nattacker could exploit this to modify the contents, or steal confidential data, \nwithin the same domain. This issue affected Ubuntu 7.10 and 8.04 LTS. \n(CVE-2008-0780)\n\nFernando Quintero discovered that MoinMoin did not properly sanitize its input \nwhen attaching files, resulting in cross-site scripting vulnerabilities. This \nissue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0781)\n\nIt was discovered that MoinMoin did not properly sanitize its input when \nprocessing user forms. A remote attacker could submit crafted cookie values and \noverwrite arbitrary files via directory traversal. This issue affected Ubuntu \n6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0782)\n\nIt was discovered that MoinMoin did not properly sanitize its input when \nediting pages, resulting in cross-site scripting vulnerabilities. This issue \nonly affected Ubuntu 6.06 LTS and 7.10. 
(CVE-2008-1098)\n\nIt was discovered that MoinMoin did not properly enforce access controls, \nwhich could allow a remote attacker to view private pages. This issue only \naffected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1099)\n\nIt was discovered that MoinMoin did not properly sanitize its input when \nattaching files and using the rename parameter, resulting in cross-site \nscripting vulnerabilities. (CVE-2009-0260)\n\nIt was discovered that MoinMoin did not properly sanitize its input when \ndisplaying error messages after processing spam, resulting in cross-site \nscripting vulnerabilities. (CVE-2009-0312)", "edition": 5, "modified": "2009-01-30T00:00:00", "published": "2009-01-30T00:00:00", "id": "USN-716-1", "href": "https://ubuntu.com/security/notices/USN-716-1", "title": "MoinMoin vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-07T10:49:41", "description": "Secunia reports :\n\nInput passed via multiple parameters to action/AttachFile.py is not\nproperly sanitised before being returned to the user. 
This can be\nexploited to execute arbitrary HTML and script code in a user's\nbrowser session in the context of an affected site.", "edition": 25, "published": "2009-05-18T00:00:00", "title": "FreeBSD : moinmoin -- XSS vulnerabilities (bfe218a5-4218-11de-b67a-0030843d3802)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1482"], "modified": "2009-05-18T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:moinmoin"], "id": "FREEBSD_PKG_BFE218A5421811DEB67A0030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/38806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38806);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1482\");\n script_xref(name:\"Secunia\", value:\"34821\");\n\n script_name(english:\"FreeBSD : moinmoin -- XSS vulnerabilities (bfe218a5-4218-11de-b67a-0030843d3802)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nInput passed via multiple parameters to action/AttachFile.py is not\nproperly sanitised before being returned to the user. 
This can be\nexploited to execute arbitrary HTML and script code in a user's\nbrowser session in the context of an affected site.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://moinmo.in/SecurityFixes\"\n );\n # https://vuxml.freebsd.org/freebsd/bfe218a5-4218-11de-b67a-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eee061c7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:moinmoin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"moinmoin<1.8.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:45:22", "description": "It was discovered that the AttachFile action in moin, a python clone\nof WikiWiki, is prone to cross-site scripting attacks when renaming\nattachements or performing other sub-actions.\n\nThe oldstable distribution (etch) is not vulnerable.", "edition": 25, "published": "2009-05-07T00:00:00", "title": "Debian DSA-1791-1 : moin - insufficient input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1482"], "modified": "2009-05-07T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:moin", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1791.NASL", "href": "https://www.tenable.com/plugins/nessus/38696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1791. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38696);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-1482\");\n script_xref(name:\"DSA\", value:\"1791\");\n\n script_name(english:\"Debian DSA-1791-1 : moin - insufficient input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the AttachFile action in moin, a python clone\nof WikiWiki, is prone to cross-site scripting attacks when renaming\nattachements or performing other sub-actions.\n\nThe oldstable distribution (etch) is not vulnerable.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1791\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the moin packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.7.1-3+lenny2.\n\nFor the testing (squeeze) distribution and the unstable distribution\n(sid), this problem will be fixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:moin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/06\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"python-moinmoin\", reference:\"1.7.1-3+lenny2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T15:44:34", "description": "It was discovered that MoinMoin did not properly sanitize its input\nwhen attaching files, resulting in cross-site scripting (XSS)\nvulnerabilities. With cross-site scripting vulnerabilities, if a user\nwere tricked into viewing server output during a crafted server\nrequest, a remote attacker could exploit this to modify the contents,\nor steal confidential data, within the same domain.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-05-12T00:00:00", "title": "Ubuntu 8.10 / 9.04 : moin vulnerability (USN-774-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1482"], "modified": "2009-05-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-moinmoin", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-774-1.NASL", "href": "https://www.tenable.com/plugins/nessus/38741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-774-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38741);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-1482\");\n script_xref(name:\"USN\", value:\"774-1\");\n\n script_name(english:\"Ubuntu 8.10 / 9.04 : moin vulnerability (USN-774-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that MoinMoin did not properly sanitize its input\nwhen attaching files, resulting in cross-site scripting (XSS)\nvulnerabilities. 
With cross-site scripting vulnerabilities, if a user\nwere tricked into viewing server output during a crafted server\nrequest, a remote attacker could exploit this to modify the contents,\nor steal confidential data, within the same domain.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/774-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-moinmoin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-moinmoin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.10\", pkgname:\"python-moinmoin\", pkgver:\"1.7.1-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"python-moinmoin\", pkgver:\"1.8.2-2ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-moinmoin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:45:07", "description": "Secunia reports :\n\nInput passed to multiple parameters in action/AttachFile.py is not\nproperly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user's\nbrowser session in the context of an affected site.\n\nCertain input passed to security/antispam.py is not properly sanitised\nbefore being returned to the user. 
This can be exploited to execute\narbitrary HTML and script code in a user's browser session in the\ncontext of an affected site.", "edition": 25, "published": "2009-02-01T00:00:00", "title": "FreeBSD : moinmoin -- multiple XSS vulnerabilities (6a523dba-eeab-11dd-ab4f-0030843d3802)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "modified": "2009-02-01T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:moinmoin"], "id": "FREEBSD_PKG_6A523DBAEEAB11DDAB4F0030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/35563", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35563);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0260\", \"CVE-2009-0312\");\n script_xref(name:\"Secunia\", value:\"33593\");\n\n script_name(english:\"FreeBSD : moinmoin -- multiple XSS vulnerabilities (6a523dba-eeab-11dd-ab4f-0030843d3802)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nInput passed to multiple parameters in action/AttachFile.py is not\nproperly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user's\nbrowser session in the context of an affected site.\n\nCertain input passed to security/antispam.py is not properly sanitised\nbefore being returned to the user. 
This can be exploited to execute\narbitrary HTML and script code in a user's browser session in the\ncontext of an affected site.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://hg.moinmo.in/moin/1.8/file/c76d50dac855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://moinmo.in/SecurityFixes#moin1.8.1\"\n );\n # https://vuxml.freebsd.org/freebsd/6a523dba-eeab-11dd-ab4f-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8722d6d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:moinmoin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"moinmoin<1.8.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:51:36", "description": "Secunia reports :\n\nSome vulnerabilities have been reported in MoinMoin, which can be\nexploited by malicious people to conduct cross-site scripting attacks.\n\nInput passed to multiple parameters in action/AttachFile.py is not\nproperly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user's\nbrowser session in the context of an affected site.\n\nCertain input passed to security/antispam.py is not properly sanitised\nbefore being returned to the user. 
This can be exploited to execute\narbitrary HTML and script code in a user's browser session in the\ncontext of an affected site.", "edition": 25, "published": "2009-05-14T00:00:00", "title": "FreeBSD : moinmoin -- multiple XSS vulnerabilities (fc4d0ae8-3fa3-11de-a3fd-0030843d3802)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "modified": "2009-05-14T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:moinmoin"], "id": "FREEBSD_PKG_FC4D0AE83FA311DEA3FD0030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/38764", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38764);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0260\", \"CVE-2009-0312\");\n script_xref(name:\"Secunia\", value:\"33593\");\n\n script_name(english:\"FreeBSD : moinmoin -- multiple XSS vulnerabilities (fc4d0ae8-3fa3-11de-a3fd-0030843d3802)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nSome vulnerabilities have been reported in MoinMoin, which can be\nexploited by malicious people to conduct cross-site scripting attacks.\n\nInput passed to multiple parameters in action/AttachFile.py is not\nproperly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user's\nbrowser session in the context of an affected site.\n\nCertain input passed to security/antispam.py is not properly sanitised\nbefore being returned to the user. 
This can be exploited to execute\narbitrary HTML and script code in a user's browser session in the\ncontext of an affected site.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://moinmo.in/SecurityFixes\"\n );\n # https://vuxml.freebsd.org/freebsd/fc4d0ae8-3fa3-11de-a3fd-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16fc5935\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:moinmoin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"moinmoin<1.8.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:45:17", "description": "It was discovered that the AttachFile action in moin, a python clone\nof WikiWiki, is prone to cross-site scripting attacks (CVE-2009-0260\n). Another cross-site scripting vulnerability was discovered in the\nantispam feature (CVE-2009-0312 ).", "edition": 25, "published": "2009-01-29T00:00:00", "title": "Debian DSA-1715-1 : moin - insufficient input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "modified": "2009-01-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:moin", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1715.NASL", "href": "https://www.tenable.com/plugins/nessus/35550", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1715. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35550);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0260\", \"CVE-2009-0312\");\n script_xref(name:\"DSA\", value:\"1715\");\n\n script_name(english:\"Debian DSA-1715-1 : moin - insufficient input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the AttachFile action in moin, a python clone\nof WikiWiki, is prone to cross-site scripting attacks (CVE-2009-0260\n). Another cross-site scripting vulnerability was discovered in the\nantispam feature (CVE-2009-0312 ).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1715\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the moin packages.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.5.3-1.2etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.7.1-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.1-1.1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:moin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"moinmoin-common\", reference:\"1.5.3-1.2etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python-moinmoin\", reference:\"1.5.3-1.2etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:07:15", "description": "Update moin to 1.6.4. Fix the following CVEs: CVE-2008-0781 (again),\nCVE-2008-3381, CVE-2009-0260, CVE-2009-0312. Fix AttachFile escaping\nproblems, upstream 1.7 changeset 5f51246a4df1 backported.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-04-22T00:00:00", "title": "Fedora 9 : moin-1.6.4-1.fc9 (2009-3845)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3381", "CVE-2009-0312", "CVE-2008-0781", "CVE-2009-0260"], "modified": "2009-04-22T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moin", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-3845.NASL", "href": "https://www.tenable.com/plugins/nessus/36211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3845.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36211);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0781\", \"CVE-2008-3381\", \"CVE-2009-0260\", \"CVE-2009-0312\");\n script_bugtraq_id(30297, 33365, 33479);\n script_xref(name:\"FEDORA\", value:\"2009-3845\");\n\n script_name(english:\"Fedora 9 : moin-1.6.4-1.fc9 (2009-3845)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update moin to 1.6.4. Fix the following CVEs: CVE-2008-0781 (again),\nCVE-2008-3381, CVE-2009-0260, CVE-2009-0312. Fix AttachFile escaping\nproblems, upstream 1.7 changeset 5f51246a4df1 backported.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=457362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=481547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=482791\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022561.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42bd1714\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected moin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"moin-1.6.4-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:07:15", "description": "Update moin to 1.6.4. Fix the following CVEs: CVE-2008-0781 (again),\nCVE-2008-3381, CVE-2009-0260, CVE-2009-0312. Fix AttachFile escaping\nproblems, upstream 1.7 changeset 5f51246a4df1 backported.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "Fedora 10 : moin-1.6.4-1.fc10 (2009-3868)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-3381", "CVE-2009-0312", "CVE-2008-0781", "CVE-2009-0260"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:moin"], "id": "FEDORA_2009-3868.NASL", "href": "https://www.tenable.com/plugins/nessus/37870", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3868.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37870);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-0781\", \"CVE-2008-3381\", \"CVE-2009-0260\", \"CVE-2009-0312\");\n script_bugtraq_id(30297, 33365, 33479);\n script_xref(name:\"FEDORA\", value:\"2009-3868\");\n\n script_name(english:\"Fedora 10 : moin-1.6.4-1.fc10 (2009-3868)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update moin to 1.6.4. Fix the following CVEs: CVE-2008-0781 (again),\nCVE-2008-3381, CVE-2009-0260, CVE-2009-0312. Fix AttachFile escaping\nproblems, upstream 1.7 changeset 5f51246a4df1 backported.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=432748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=457362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=481547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=482791\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022622.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?83d0fb26\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected moin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"moin-1.6.4-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T15:44:24", "description": "Fernando Quintero discovered than MoinMoin did not properly sanitize\nits input when processing login requests, resulting in cross-site\nscripting (XSS) vulnerabilities. 
With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within the same\ndomain. This issue affected Ubuntu 7.10 and 8.04 LTS. (CVE-2008-0780)\n\nFernando Quintero discovered that MoinMoin did not properly sanitize\nits input when attaching files, resulting in cross-site scripting\nvulnerabilities. This issue affected Ubuntu 6.06 LTS, 7.10 and 8.04\nLTS. (CVE-2008-0781)\n\nIt was discovered that MoinMoin did not properly sanitize its input\nwhen processing user forms. A remote attacker could submit crafted\ncookie values and overwrite arbitrary files via directory traversal.\nThis issue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS.\n(CVE-2008-0782)\n\nIt was discovered that MoinMoin did not properly sanitize its input\nwhen editing pages, resulting in cross-site scripting vulnerabilities.\nThis issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1098)\n\nIt was discovered that MoinMoin did not properly enforce access\ncontrols, which could allow a remote attacker to view private pages.\nThis issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1099)\n\nIt was discovered that MoinMoin did not properly sanitize its input\nwhen attaching files and using the rename parameter, resulting in\ncross-site scripting vulnerabilities. (CVE-2009-0260)\n\nIt was discovered that MoinMoin did not properly sanitize its input\nwhen displaying error messages after processing spam, resulting in\ncross-site scripting vulnerabilities. (CVE-2009-0312).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "published": "2009-04-23T00:00:00", "title": "Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : moin vulnerabilities (USN-716-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-0780", "CVE-2008-1099", "CVE-2008-1098", "CVE-2008-0782", "CVE-2009-0312", "CVE-2008-0781", "CVE-2009-0260"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:python2.4-moinmoin", "p-cpe:/a:canonical:ubuntu_linux:python-moinmoin", "cpe:/o:canonical:ubuntu_linux:8.10", "p-cpe:/a:canonical:ubuntu_linux:moinmoin-common", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-716-1.NASL", "href": "https://www.tenable.com/plugins/nessus/38011", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-716-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38011);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-0780\", \"CVE-2008-0781\", \"CVE-2008-0782\", \"CVE-2008-1098\", \"CVE-2008-1099\", \"CVE-2009-0260\", \"CVE-2009-0312\");\n script_bugtraq_id(28177, 33365, 33479);\n script_xref(name:\"USN\", value:\"716-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : moin vulnerabilities (USN-716-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fernando Quintero discovered than MoinMoin did not properly sanitize\nits input when processing login requests, resulting in cross-site\nscripting (XSS) vulnerabilities. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within the same\ndomain. This issue affected Ubuntu 7.10 and 8.04 LTS. (CVE-2008-0780)\n\nFernando Quintero discovered that MoinMoin did not properly sanitize\nits input when attaching files, resulting in cross-site scripting\nvulnerabilities. This issue affected Ubuntu 6.06 LTS, 7.10 and 8.04\nLTS. (CVE-2008-0781)\n\nIt was discovered that MoinMoin did not properly sanitize its input\nwhen processing user forms. 
A remote attacker could submit crafted\ncookie values and overwrite arbitrary files via directory traversal.\nThis issue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS.\n(CVE-2008-0782)\n\nIt was discovered that MoinMoin did not properly sanitize its input\nwhen editing pages, resulting in cross-site scripting vulnerabilities.\nThis issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1098)\n\nIt was discovered that MoinMoin did not properly enforce access\ncontrols, which could allow a remoter attacker to view private pages.\nThis issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1099)\n\nIt was discovered that MoinMoin did not properly sanitize its input\nwhen attaching files and using the rename parameter, resulting in\ncross-site scripting vulnerabilities. (CVE-2009-0260)\n\nIt was discovered that MoinMoin did not properly sanitize its input\nwhen displaying error messages after processing spam, resulting in\ncross-site scripting vulnerabilities. (CVE-2009-0312).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/716-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected moinmoin-common, python-moinmoin and / or\npython2.4-moinmoin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(22, 79, 264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:moinmoin-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-moinmoin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-moinmoin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.10|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.10 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"moinmoin-common\", pkgver:\"1.5.2-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python-moinmoin\", pkgver:\"1.5.2-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-moinmoin\", pkgver:\"1.5.2-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"moinmoin-common\", pkgver:\"1.5.7-3ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python-moinmoin\", pkgver:\"1.5.7-3ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"moinmoin-common\", pkgver:\"1.5.8-5.1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python-moinmoin\", pkgver:\"1.5.8-5.1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"python-moinmoin\", pkgver:\"1.7.1-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n 
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moinmoin-common / python-moinmoin / python2.4-moinmoin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1482"], "description": "\nSecunia reports:\n\nInput passed via multiple parameters to action/AttachFile.py is not\n\t properly sanitised before being returned to the user. This can be\n\t exploited to execute arbitrary HTML and script code in a user's\n\t browser session in the context of an affected site.\n\n", "edition": 4, "modified": "2009-04-21T00:00:00", "published": "2009-04-21T00:00:00", "id": "BFE218A5-4218-11DE-B67A-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/bfe218a5-4218-11de-b67a-0030843d3802.html", "title": "moinmoin -- cross-site scripting vulnerabilities", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "description": "\nSecunia reports:\n\nSome vulnerabilities have been reported in MoinMoin, which can be\n\t exploited by malicious people to conduct cross-site scripting attacks.\nInput passed to multiple parameters in action/AttachFile.py is not\n\t properly sanitised before being returned to the user. This can be\n\t exploited to execute arbitrary HTML and script code in a user's\n\t browser session in the context of an affected site.\nCertain input passed to security/antispam.py is not properly\n\t sanitised before being returned to the user. 
This can be exploited to\n\t execute arbitrary HTML and script code in a user's browser session in\n\t the context of an affected site.\n\n", "edition": 4, "modified": "2009-01-21T00:00:00", "published": "2009-01-21T00:00:00", "id": "FC4D0AE8-3FA3-11DE-A3FD-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/fc4d0ae8-3fa3-11de-a3fd-0030843d3802.html", "title": "moinmoin -- multiple cross site scripting vulnerabilities", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "description": "\nSecunia reports:\n\nInput passed to multiple parameters in action/AttachFile.py is not\n\t properly sanitised before being returned to the user. This can be\n\t exploited to execute arbitrary HTML and script code in a user's\n\t browser session in the context of an affected site.\nCertain input passed to security/antispam.py is not properly\n\t sanitised before being returned to the user. 
This can be exploited to\n\t execute arbitrary HTML and script code in a user's browser session in\n\t the context of an affected site.\n\n", "edition": 4, "modified": "2009-01-21T00:00:00", "published": "2009-01-21T00:00:00", "id": "6A523DBA-EEAB-11DD-AB4F-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/6a523dba-eeab-11dd-ab4f-0030843d3802.html", "title": "moinmoin -- multiple cross site scripting vulnerabilities", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:14:09", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1482"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1791-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nMay 06, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : moin\nVulnerability : insufficient input sanitising\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-1482\nDebian Bug : 526594\n\n\nIt was discovered that the AttachFile action in moin, a python clone of\nWikiWiki, is prone to cross-site scripting attacks when renaming\nattachements or performing other sub-actions.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.7.1-3+lenny2.\n\nThe oldstable distribution (etch) is not vulnerable.\n\nFor the testing (squeeze) distribution and the unstable distribution\n(sid), this problem will be fixed soon.\n\n\nWe recommend that you upgrade your moin packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding 
the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny2.diff.gz\n Size/MD5 checksum: 78829 46802a81d20427b26a8aa60af1f576c9\n http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1.orig.tar.gz\n Size/MD5 checksum: 5468224 871337b8171c91f9a6803e5376857e8d\n http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny2.dsc\n Size/MD5 checksum: 1258 13d23d74a20087879c69545351a59dad\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.7.1-3+lenny2_all.deb\n Size/MD5 checksum: 4506106 9fb6772b6c4f6eb816a488593257f026\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2009-05-06T11:42:07", "published": "2009-05-06T11:42:07", "id": "DEBIAN:DSA-1791-1:9DB18", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00102.html", "title": "[SECURITY] [DSA 1791-1] New moin packages fix cross-site scripting", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-11T13:13:20", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "description": "- ------------------------------------------------------------------------\nDebian Security 
Advisory DSA-1715 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nJanuary 29, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : moin\nVulnerability : insufficient input sanitising\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-0260 CVE-2009-0312\nDebian Bug : 513158\n\n\nIt was discovered that the AttachFile action in moin, a python clone of\nWikiWiki, is prone to cross-site scripting attacks (CVE-2009-0260).\nAnother cross-site scripting vulnerability was discovered in the\nantispam feature (CVE-2009-0312).\n\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.5.3-1.2etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.7.1-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.1-1.1.\n\nWe recommend that you upgrade your moin packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3-1.2etch2.diff.gz\n Size/MD5 checksum: 40914 139bcec334ed7fbf1ca2bef3c89a8377\n http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3.orig.tar.gz\n Size/MD5 checksum: 4187091 e95ec46ee8de9527a39793108de22f7d\n 
http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3-1.2etch2.dsc\n Size/MD5 checksum: 671 7b24d6f694511840a0a9da0c9f33f5ad\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.5.3-1.2etch2_all.deb\n Size/MD5 checksum: 914904 ab6158ae7010c3701859ceb26bd61bd2\n http://security.debian.org/pool/updates/main/m/moin/moinmoin-common_1.5.3-1.2etch2_all.deb\n Size/MD5 checksum: 1595112 a46561072eb0ee26ee1a71275c0e64b3\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 7, "modified": "2009-01-29T07:14:25", "published": "2009-01-29T07:14:25", "id": "DEBIAN:DSA-1715-1:0EDF4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00023.html", "title": "[SECURITY] [DSA 1715-1] New moin packages fix insufficient input sanitising", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2016-02-03T17:43:04", "description": "MoinMoin 1.8 'AttachFile.py' Cross-Site Scripting Vulnerability. CVE-2009-0260. 
Webapps exploit for cgi platform", "published": "2009-01-20T00:00:00", "type": "exploitdb", "title": "MoinMoin <= 1.8 - 'AttachFile.py' Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0260"], "modified": "2009-01-20T00:00:00", "id": "EDB-ID:32746", "href": "https://www.exploit-db.com/exploits/32746/", "sourceData": "source: http://www.securityfocus.com/bid/33365/info\r\n\r\nMoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.\r\n\r\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nVersions prior to MoinMoin 1.8.1 are vulnerable.\r\n\r\nhttp://www.example.com/moinmoin/WikiSandBox?rename=\"><script>alert('rename xss')</script>&action=AttachFile&drawing=\"><script>alert('drawing xss')</script> ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/32746/"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1715 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nJanuary 29, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : moin\r\nVulnerability : insufficient input sanitising\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2009-0260 CVE-2009-0312\r\nDebian Bug : 513158\r\n\r\n\r\nIt was discovered that the AttachFile action in moin, a python clone of\r\nWikiWiki, is prone to cross-site scripting 
attacks (CVE-2009-0260).\r\nAnother cross-site scripting vulnerability was discovered in the\r\nantispam feature (CVE-2009-0312).\r\n\r\n\r\nFor the stable distribution (etch) these problems have been fixed in\r\nversion 1.5.3-1.2etch2.\r\n\r\nFor the testing (lenny) distribution these problems have been fixed in\r\nversion 1.7.1-3+lenny1.\r\n\r\nFor the unstable (sid) distribution these problems have been fixed in\r\nversion 1.8.1-1.1.\r\n\r\nWe recommend that you upgrade your moin packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3-1.2etch2.diff.gz\r\n Size/MD5 checksum: 40914 139bcec334ed7fbf1ca2bef3c89a8377\r\n http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3.orig.tar.gz\r\n Size/MD5 checksum: 4187091 e95ec46ee8de9527a39793108de22f7d\r\n http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3-1.2etch2.dsc\r\n Size/MD5 checksum: 671 7b24d6f694511840a0a9da0c9f33f5ad\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.5.3-1.2etch2_all.deb\r\n Size/MD5 checksum: 914904 ab6158ae7010c3701859ceb26bd61bd2\r\n http://security.debian.org/pool/updates/main/m/moin/moinmoin-common_1.5.3-1.2etch2_all.deb\r\n Size/MD5 
checksum: 1595112 a46561072eb0ee26ee1a71275c0e64b3\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFJgT3oU5XKDemr/NIRApQ9AJ4tYeY7WMIAUYHjmeryHoEo6HkecgCgmIU9\r\nb7VcvgOvyalRLrZrejSKFQI=\r\n=miAO\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-01-31T00:00:00", "published": "2009-01-31T00:00:00", "id": "SECURITYVULNS:DOC:21261", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21261", "title": "[SECURITY] [DSA 1715-1] New moin packages fix insufficient input sanitising", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-0312", "CVE-2009-0260"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.\r\nE107: \u043e\u0431\u0445\u043e\u0434 CAPTCHA, \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0439 \u0441\u043a\u0440\u0438\u043f\u0442\u0438\u043d\u0433.", "edition": 1, "modified": "2009-01-31T00:00:00", "published": "2009-01-31T00:00:00", "id": "SECURITYVULNS:VULN:9634", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9634", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", 
"bulletinFamily": "unix", "cvelist": ["CVE-2008-0781", "CVE-2008-3381", "CVE-2009-0260", "CVE-2009-0312"], "description": "MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. Said in a few words, it is about collaboration on easily editable web pages. ", "modified": "2009-06-18T11:43:30", "published": "2009-06-18T11:43:30", "id": "FEDORA:14BF610F8B4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: moin-1.6.4-2.fc9", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0781", "CVE-2008-3381", "CVE-2009-0260", "CVE-2009-0312"], "description": "MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. Said in a few words, it is about collaboration on easily editable web pages. ", "modified": "2009-04-22T01:12:01", "published": "2009-04-22T01:12:01", "id": "FEDORA:C674310F890", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: moin-1.6.4-1.fc10", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0781", "CVE-2008-3381", "CVE-2009-0260", "CVE-2009-0312"], "description": "MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. Said in a few words, it is about collaboration on easily editable web pages. ", "modified": "2009-06-18T11:43:01", "published": "2009-06-18T11:43:01", "id": "FEDORA:CD0DB10F802", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: moin-1.6.4-2.fc10", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0781", "CVE-2008-3381", "CVE-2009-0260", "CVE-2009-0312"], "description": "MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. 
Said in a few words, it is about collaboration on easily editable web pages. ", "modified": "2009-04-22T01:04:22", "published": "2009-04-22T01:04:22", "id": "FEDORA:DECEA10F892", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: moin-1.6.4-1.fc9", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0781", "CVE-2008-3381", "CVE-2009-0260", "CVE-2009-0312", "CVE-2009-2265"], "description": "MoinMoin is an advanced, easy to use and extensible WikiEngine with a large community of users. Said in a few words, it is about collaboration on easily editable web pages. ", "modified": "2009-07-19T10:23:43", "published": "2009-07-19T10:23:43", "id": "FEDORA:AF99210F89B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: moin-1.6.4-3.fc10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}