Lucene search
K

32 matches found

seebug.org
seebug.org
added 2008/07/30 12:0 a.m.30 views

Trac Wiki引擎跨站脚本执行漏洞

BUGTRAQ ID: 30400 CVECAN ID: CVE-2008-3328 Trac是用Python编写的基于Web的事件跟踪系统。 Trac的Wiki引擎没有正确地验证某些参数便返回给了用户,远程攻击者可以通过向服务器提交恶意请求执行脚本注入或跨站脚本攻击。 Edgewall Software Trac 0.10.5 Edgewall Software ----------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://ftp.edgewall.com/pub/trac/trac-0.10.5.tar.gz...

4.3CVSS0.2AI score0.01335EPSS
Exploits1
NVD
NVD
added 2008/07/27 10:41 p.m.24 views

CVE-2008-3328

Cross-site scripting XSS vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS5.5AI score0.01335EPSS
Exploits1References8
OSV
OSV
added 2008/07/27 10:41 p.m.23 views

PYSEC-2008-5

Cross-site scripting XSS vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS4.4AI score0.01335EPSS
Exploits1References9
PyPA
PyPA
added 2008/07/27 10:41 p.m.7 views

PYSEC-2008-5

Cross-site scripting XSS vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS6AI score0.01335EPSS
Exploits1References9Affected Software1
Cvelist
Cvelist
added 2008/07/27 10:0 p.m.30 views

CVE-2008-3328

Cross-site scripting XSS vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

5.9AI score0.01335EPSS
Exploits1References8
CVE
CVE
added 2008/07/27 10:0 p.m.71 views

CVE-2008-3328

CVE-2008-3328 : Trac’s wiki engine before 0.10.5 has a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary script via unknown vectors. Connected advisories confirm the issue is shell-agnostic to input points in the wiki engine prior to 0.10.5. The available r...

4.3CVSS5.9AI score0.01335EPSS
Exploits1References8Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.5 views

Trac cross-site scripting vulnerability

Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...

4.3CVSS6.3AI score0.01369EPSS
Exploits0References10
Gentoo Linux
Gentoo Linux
added 2008/05/11 12:0 a.m.29 views

MoinMoin: Privilege escalation

Background MoinMoin is an advanced and extensible Wiki Engine. Description It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Impact A remote attacker could exploit this...

6.8CVSS6.5AI score0.01656EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/03/18 12:0 a.m.32 views

MoinMoin: Multiple vulnerabilities

Background MoinMoin is an advanced, easy to use and extensible Wiki Engine. Description Multiple vulnerabilities have been discovered: A vulnerability exists in the file wikimacro.py because the macroGetval function does not properly enforce ACLs CVE-2008-1099. A directory traversal vulnerability...

5CVSS6.8AI score0.14787EPSS
Exploits1
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.22 views

Debian Security Advisory DSA 1119-1 (hiki)

The remote host is missing an update to hiki announced via advisory DSA 1119-1. Akira Tanaka discovered a vulnerability in Hiki Wiki, a Wiki engine written in Ruby that allows remote attackers to cause a denial of service via high CPU consumption using by performing a diff between large and...

5CVSS0.1AI score0.02227EPSS
Exploits0
OSV
OSV
added 2007/06/28 12:0 a.m.16 views

DSA-1324-1 hiki

Bulletin has no description...

6.4CVSS6.1AI score0.02386EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/10/14 12:0 a.m.23 views

Debian DSA-1119-1 : hiki - design flaw

Akira Tanaka discovered a vulnerability in Hiki Wiki, a Wiki engine written in Ruby that allows remote attackers to cause a denial of service via high CPU consumption using by performing a diff between large and specially crafted Wiki pages. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Th...

5CVSS5.5AI score0.02227EPSS
Exploits0References3
Rows per page
Query Builder