8 matches found

UbuntuCve
added 2007/07/02 7:30 p.m., 16 views

CVE-2007-2836

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...

6.4 CVSS, 6.1 AI score, 0.02386 EPSS
Exploits: 0, References: 1

OSV
added 2007/07/02 7:30 p.m., 4 views

CVE-2007-2836

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...

6.6 AI score
Exploits: 0, References: 13

CVE
added 2007/07/02 7:0 p.m., 49 views

CVE-2007-2836

Summary (CVE-2007-2836) : The Hiki wiki engine (Ruby) versions 0.8.0–0.8.6 are affected by a directory traversal vulnerability in the session management under session.rb. An insufficiently restrictive regular expression used to validate the session ID enables a remote attacker to craft a session ...

6.4 CVSS, 6.5 AI score, 0.02386 EPSS
Exploits: 0, References: 11, Affected Software: 1

Debian CVE
added 2007/07/02 7:0 p.m., 15 views

CVE-2007-2836

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...

6.4 CVSS, 6.5 AI score, 0.02386 EPSS
Exploits: 0

Tenable Nessus
added 2007/07/01 12:0 a.m., 21 views

Debian DSA-1324-1 : hiki - missing input sanitising

Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable to the Hiki user, via a specially crafted session parameter. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text...

6.4 CVSS, 5.4 AI score, 0.02386 EPSS
Exploits: 0, References: 3

Debian
added 2007/06/28 9:4 p.m., 21 views

[SECURITY] [DSA 1324-1] New hiki packages fix missing input sanitising

------------------------------------------------------------------------ Debian Security Advisory DSA-1324 [email protected] http://www.debian.org/security/ Steve Kemp June 28, 2007 - ------------------------------------------------------------------------ Package : hiki Vulnerability : missing...

6.4 CVSS, 6.2 AI score, 0.02386 EPSS
Exploits: 0

Prion
added 2007/06/26 5:30 p.m., 12 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2836. Reason: This candidate is a duplicate of CVE-2007-2836. Notes: All CVE users should reference CVE-2007-2836 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.6 AI score, 0.02386 EPSS
Exploits: 0

CVE
added 2007/06/26 5:0 p.m., 31 views

CVE-2007-3395

CVE-2007-3395 is rejected and not used; reference CVE-2007-2836 instead.

6.3 AI score
Exploits: 0