3 matches found
EUVD-2014-8594
Malware in sbrugna...
EUVD-2016-8813
Malware in sbrugna...
CVE-2016-7965
DokuWiki 2016-06-26a and older uses $SERVERHTTPHOST instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header. The vulnerability can be triggered only if the Host...