27 matches found
CVE-2014-8762
The ajaxmediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter...
CVE-2013-5036
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the 1 namespace parameter to the deobfuscation function or 2 sourcemap parameter to the sourcemap function in app/controllers/api/v1controller.rb...
Deserialization of untrusted data
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the 1 namespace parameter to the deobfuscation function or 2 sourcemap parameter to the sourcemap function in app/controllers/api/v1controller.rb...
CVE-2013-6348
Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to 1 actionNames.action and 2 showConfig.action in config-browser/...
CVE-2013-6348
Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to 1 actionNames.action and 2 showConfig.action in config-browser/...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to 1 actionNames.action and 2 showConfig.action in config-browser/...
DEBIAN-CVE-2010-0287
Directory traversal vulnerability in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. dot dot in the ns parameter...