Lucene search
60 matches found

NVD
added 2018/04/13 3:29 p.m., 26 views

CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery...

CVSS 5.3, AI score 7.2, EPSS 0.01178
Exploits: 0, References: 4
NVD
added 2018/04/13 3:29 p.m., 27 views

CVE-2017-0356

A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters...

CVSS 9.8, AI score 7.3, EPSS 0.03461
Exploits: 1, References: 4
Prion
added 2018/04/13 3:29 p.m., 19 views

Authentication flaw

A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters...

CVSS 7.5, AI score 7.1, EPSS 0.03461
Exploits: 1, References: 4, Affected Software: 2
OSV
added 2018/04/13 3:29 p.m., 2 views

UBUNTU-CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery...

CVSS 5.3, AI score 7.1, EPSS 0.01178
Exploits: 0, References: 4
OSV
added 2018/04/13 3:29 p.m., 1 views

DEBIAN-CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery...

CVSS 5.3, AI score 6.9, EPSS 0.01178
Exploits: 0, References: 1
Debian CVE
added 2018/04/13 3:0 p.m., 34 views

CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery...

CVSS 5.3, AI score 7.5, EPSS 0.01178
Exploits: 0
CVE
added 2018/04/13 3:0 p.m., 64 views

CVE-2016-9646

CVE-2016-9646 affects ikiwiki prior to version 3.20161229. The issue arises from ikiwiki calling CGI::FormBuilder->field (analogous to CGI->param) in a way that can enable commit metadata forgery. The vulnerability is tied to the CGI::FormBuilder context-dependent API usage and can be trigg...

CVSS 5.3, AI score 7.2, EPSS 0.01178
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2018/04/13 3:0 p.m., 76 views

CVE-2017-0356

CVE-2017-0356 affects ikiwiki before 3.20170111, where the passwordauth plugin’s use of CGI::FormBuilder can be abused to bypass authentication by submitting repeated parameters. The issue is analogous to CVE-2016-9646 (commit metadata forgery). Multiple connected sources confirm the vulnerabilit...

CVSS 9.8, AI score 7.2, EPSS 0.03461
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2018/04/13 3:0 p.m., 29 views

CVE-2016-9646 Commit metadata forgery via CGI::FormBuilder context-dependent APIs

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery...

AI score 7.2, EPSS 0.01178
Exploits: 0, References: 4
Tenable Nessus
added 2017/03/06 12:0 a.m., 25 views

FreeBSD : ikiwiki -- multiple vulnerabilities (5ed094a0-0150-11e7-ae1b-002590263bf5)

Mitre reports: ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page...

CVSS 7.5, AI score 7, EPSS 0.02129
Exploits: 0, References: 6
Patchstack
added 2017/01/28 12:0 a.m., 8 views

WordPress FormBuilder plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered by ethicalhack3r in WordPress FormBuilder plugin versions <= 1.0.8. Solution: Deactivate and delete. This plugin has been closed as of March 2, 2022 and is not available for download. This closure is temporary, pending a full review...

AI score 3.8
Exploits: 0, References: 2, Affected Software: 1
WPVulnDB
added 2017/01/28 12:0 a.m., 20 views

FormBuilder <= 1.0.7 - Cross-Site Request Forgery (CSRF)

The FormBuilder WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability...

AI score 3.2
Exploits: 0, References: 2, Affected Software: 1
WPVulnDB
added 2017/01/28 12:0 a.m., 10 views

FormBuilder <= 1.0.7 - Multiple Authenticated SQL Injection

The FormBuilder WordPress plugin was affected by multiple authenticated SQL injection security vulnerabilities...

AI score 2.4
Exploits: 0, References: 2, Affected Software: 1
Packet Storm
added 2017/01/28 12:0 a.m., 37 views

WordPress FormBuilder 1.05 Cross Site Request Forgery

Cross-Site Request Forgery vulnerability in FormBuilder WordPress Plugin allows plugin permissions modification. Burak Kelebek, July 2016...

AI score 7.4
Exploits: 0
OpenVAS
added 2017/01/11 12:0 a.m., 21 views

Debian: Security Advisory (DSA-3760-1)

The remote host is missing an update for the Debian...

CVSS 9.8, AI score 7.4, EPSS 0.03461
Exploits: 1, References: 4
FreeBSD
added 2017/01/11 12:0 a.m., 26 views

ikiwiki -- authentication bypass vulnerability

ikiwiki reports: The ikiwiki maintainers discovered further flaws similar to CVE-2016-9646 in the passwordauth plugin's use of CGI::FormBuilder, with a more serious impact: An attacker who can log in to a site with a password can log in as a different and potentially more privileged user. An...

CVSS 5.3, AI score 7.7, EPSS 0.01178
Exploits: 0, References: 1
FreeBSD
added 2016/12/19 12:0 a.m., 41 views

ikiwiki -- multiple vulnerabilities

Mitre reports: ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page...

CVSS 7.5, AI score 7.1, EPSS 0.02129
Exploits: 0, References: 2
Packet Storm
added 2016/08/04 12:0 a.m., 25 views

WordPress FormBuilder 1.05 Cross Site Scripting

Cross-Site Scripting in FormBuilder WordPress Plugin. Peter Ganzevles, July 2016...

AI score 0.1
Exploits: 0
WPVulnDB
added 2016/08/04 12:0 a.m., 18 views

FormBuilder <= 1.05 - Authenticated Reflected Cross-Site Scripting (XSS)

The FormBuilder WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability...

CVSS 4.3, AI score 2.1, EPSS 0.00913
Exploits: 0, References: 2, Affected Software: 1
WPVulnDB
added 2012/05/28 12:0 a.m., 18 views

Formbuilder < 0.91 - XSS

The FormBuilder WordPress plugin was affected by an XSS security vulnerability...

CVSS 4.3, AI score 2, EPSS 0.00913
Exploits: 0, Affected Software: 1