15 matches found
Debian: Security Advisory (DSA-1976-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DokuWiki Multiple CSRF Vulnerabilities
Dokuwiki is prone to multiple Cross Site Scripting vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2010-0288
A typo in the administrator permission check in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010...
CVE-2010-0287
Directory traversal vulnerability in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. dot dot in the ns parameter...
DEBIAN-CVE-2010-0289
Multiple cross-site request forgery CSRF vulnerabilities in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown...
CVE-2010-0288
A typo in the administrator permission check in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown...
UBUNTU-CVE-2010-0287
Directory traversal vulnerability in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. dot dot in the ns parameter...
CVE-2010-0287
Directory traversal vulnerability in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. dot dot in the ns parameter...
CVE-2010-0289
Multiple cross-site request forgery CSRF vulnerabilities in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown...
DEBIAN-CVE-2010-0287
Directory traversal vulnerability in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. dot dot in the ns parameter...
CVE-2010-0289
Multiple cross-site request forgery CSRF vulnerabilities in the ACL Manager plugin plugins/acl/ajax.php in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown...
CVE-2010-0289
CVE-2010-0289 stems from CSRF flaws in DokuWiki’s ACL Manager plugin (plugins/acl/ajax.php). The vulnerabilities can allow an attacker to hijack an administrator’s session and modify access-control rules via unspecified vectors. Public details point to multiple CVEs in DokuWiki and advise upgradi...
CVE-2010-0287
Summary (CVE-2010-0287): A directory-traversal in DokuWiki’s ACL Manager plugin (plugins/acl/ajax.php) allows remote listing of arbitrary directories via a .. in the ns parameter. Affected: DokuWiki prior to the 2009-12-25b release. CVSS-like context from OpenVAS lists base 7.5 (vector AV:N/AC:L/...
[SECURITY] [DSA-1976-1] New dokuwiki packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1976-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano January 22, 2010 http://www.debian.org/security/faq -...