11 matches found
EUVD-2014-8592
Malware in sbrugna...
EUVD-2006-5084
Malware in sbrugna...
EUVD-2017-4154
Malware in sbrugna...
EUVD-2014-8594
Malware in sbrugna...
EUVD-2004-2550
Malware in sbrugna...
EUVD-2006-4667
Malware in sbrugna...
EUVD-2016-8813
Malware in sbrugna...
CVE-2016-7964
The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and...
CVE-2016-7965
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header. The vulnerability can be triggered only if the Host...
MGASA-2014-0438 Updated dokuwiki packages fix security vulnerabilities
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call (CVE-2014-8761). The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access...
CVE-2012-3354
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message...