EUVD-2016-10447

Malware in sbrugna...

SUSE CVE-2017-0356

A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters...

IkiWiki Authentication Bypass Vulnerability

A flaw, similar to CVE-2016-9646 exists in the passwordauth plugin SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

CVE-2017-0356

A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters...

Design/Logic Flaw

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-field method similar to the CGI-param API that led to Bugzilla's CVE-2014-1572, which can be abused to lead to commit metadata forgery...

CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-field method similar to the CGI-param API that led to Bugzilla's CVE-2014-1572, which can be abused to lead to commit metadata forgery...

CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-field method similar to the CGI-param API that led to Bugzilla's CVE-2014-1572, which can be abused to lead to commit metadata forgery...

Authentication flaw

A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters...

CVE-2017-0356

A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters...

CVE-2016-9646 Commit metadata forgery via CGI::FormBuilder context-dependent APIs

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-field method similar to the CGI-param API that led to Bugzilla's CVE-2014-1572, which can be abused to lead to commit metadata forgery...

CVE-2016-9646

CVE-2016-9646 affects ikiwiki prior to version 3.20161229. The issue arises from ikiwiki calling CGI::FormBuilder->field (analogous to CGI->param) in a way that can enable commit metadata forgery. The vulnerability is tied to the CGI::FormBuilder context-dependent API usage and can be trigg...

CVE-2017-0356

CVE-2017-0356 affects ikiwiki before 3.20170111, where the passwordauth plugin’s use of CGI::FormBuilder can be abused to bypass authentication by submitting repeated parameters. The issue is analogous to CVE-2016-9646 (commit metadata forgery). Multiple connected sources confirm the vulnerabilit...

CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-field method similar to the CGI-param API that led to Bugzilla's CVE-2014-1572, which can be abused to lead to commit metadata forgery...

FreeBSD : ikiwiki -- multiple vulnerabilities (5ed094a0-0150-11e7-ae1b-002590263bf5)

Mitre reports : ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page...

Debian: Security Advisory (DSA-3760-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ikiwiki -- authentication bypass vulnerability

ikiwiki reports: The ikiwiki maintainers discovered further flaws similar to CVE-2016-9646 in the passwordauth plugin's use of CGI::FormBuilder, with a more serious impact: An attacker who can log in to a site with a password can log in as a different and potentially more privileged user. An...

ikiwiki -- multiple vulnerabilities

Mitre reports: ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page...