32 matches found
Trac Wiki引擎跨站脚本执行漏洞
BUGTRAQ ID: 30400 CVECAN ID: CVE-2008-3328 Trac是用Python编写的基于Web的事件跟踪系统。 Trac的Wiki引擎没有正确地验证某些参数便返回给了用户,远程攻击者可以通过向服务器提交恶意请求执行脚本注入或跨站脚本攻击。 Edgewall Software Trac 0.10.5 Edgewall Software ----------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://ftp.edgewall.com/pub/trac/trac-0.10.5.tar.gz...
CVE-2008-3328
Cross-site scripting XSS vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
PYSEC-2008-5
Cross-site scripting XSS vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
PYSEC-2008-5
Cross-site scripting XSS vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-3328
Cross-site scripting XSS vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-3328
CVE-2008-3328 : Trac’s wiki engine before 0.10.5 has a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary script via unknown vectors. Connected advisories confirm the issue is shell-agnostic to input points in the wiki engine prior to 0.10.5. The available r...
Trac cross-site scripting vulnerability
Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...
MoinMoin: Privilege escalation
Background MoinMoin is an advanced and extensible Wiki Engine. Description It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Impact A remote attacker could exploit this...
MoinMoin: Multiple vulnerabilities
Background MoinMoin is an advanced, easy to use and extensible Wiki Engine. Description Multiple vulnerabilities have been discovered: A vulnerability exists in the file wikimacro.py because the macroGetval function does not properly enforce ACLs CVE-2008-1099. A directory traversal vulnerability...
Debian Security Advisory DSA 1119-1 (hiki)
The remote host is missing an update to hiki announced via advisory DSA 1119-1. Akira Tanaka discovered a vulnerability in Hiki Wiki, a Wiki engine written in Ruby that allows remote attackers to cause a denial of service via high CPU consumption using by performing a diff between large and...
DSA-1324-1 hiki
Bulletin has no description...
Debian DSA-1119-1 : hiki - design flaw
Akira Tanaka discovered a vulnerability in Hiki Wiki, a Wiki engine written in Ruby that allows remote attackers to cause a denial of service via high CPU consumption using by performing a diff between large and specially crafted Wiki pages. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Th...