8 matches found
CVE-2007-2836
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...
CVE-2007-2836
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...
CVE-2007-2836
Summary (CVE-2007-2836) : The Hiki wiki engine (Ruby) versions 0.8.0–0.8.6 are affected by a directory traversal vulnerability in the session management under session.rb. An insufficiently restrictive regular expression used to validate the session ID enables a remote attacker to craft a session ...
CVE-2007-2836
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...
Debian DSA-1324-1 : hiki - missing input sanitising
Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable to the Hiki user, via a specially crafted session parameter. (C) Tenable Network Security, Inc. The descriptive text...
[SECURITY] [DSA 1324-1] New hiki packages fix missing input sanitising
------------------------------------------------------------------------ Debian Security Advisory DSA-1324 [email protected] http://www.debian.org/security/ Steve Kemp June 28, 2007 - ------------------------------------------------------------------------ Package : hiki Vulnerability : missing...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2836. Reason: This candidate is a duplicate of CVE-2007-2836. Notes: All CVE users should reference CVE-2007-2836 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2007-3395
CVE-2007-3395 is rejected and not used; reference CVE-2007-2836 instead.