60 matches found
CVE-2016-9646
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method similar to the CGI->param API that led to Bugzilla's CVE-2014-1572, which can be abused to lead to commit metadata forgery...
CVE-2017-0356
A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters...
Authentication flaw
A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters...
UBUNTU-CVE-2016-9646
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method similar to the CGI->param API that led to Bugzilla's CVE-2014-1572, which can be abused to lead to commit metadata forgery...
DEBIAN-CVE-2016-9646
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method similar to the CGI->param API that led to Bugzilla's CVE-2014-1572, which can be abused to lead to commit metadata forgery...
CVE-2016-9646
CVE-2016-9646 affects ikiwiki prior to version 3.20161229. The issue arises from ikiwiki calling CGI::FormBuilder->field (analogous to CGI->param) in a way that can enable commit metadata forgery. The vulnerability is tied to the CGI::FormBuilder context-dependent API usage and can be trigg...
CVE-2017-0356
CVE-2017-0356 affects ikiwiki before 3.20170111, where the passwordauth plugin’s use of CGI::FormBuilder can be abused to bypass authentication by submitting repeated parameters. The issue is analogous to CVE-2016-9646 (commit metadata forgery). Multiple connected sources confirm the vulnerabilit...
CVE-2016-9646 Commit metadata forgery via CGI::FormBuilder context-dependent APIs
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method similar to the CGI->param API that led to Bugzilla's CVE-2014-1572, which can be abused to lead to commit metadata forgery...
FreeBSD: ikiwiki -- multiple vulnerabilities (5ed094a0-0150-11e7-ae1b-002590263bf5)
Mitre reports: ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page...
WordPress FormBuilder plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ethicalhack3r in WordPress FormBuilder plugin versions <= 1.0.8. Solution: Deactivate and delete. This plugin has been closed as of March 2, 2022 and is not available for download. This closure is temporary, pending a full review...
FormBuilder <= 1.0.7 - Cross-Site Request Forgery (CSRF)
The FormBuilder WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability...
FormBuilder <= 1.0.7 - Multiple Authenticated SQL Injection
The FormBuilder WordPress plugin was affected by a Multiple Authenticated SQL Injection security vulnerability...
WordPress FormBuilder 1.05 Cross Site Request Forgery
Cross-Site Request Forgery vulnerability in FormBuilder WordPress Plugin allows plugin permissions modification. Burak Kelebek, July 2016...
Debian: Security Advisory (DSA-3760-1)
The remote host is missing an update for the Debian...
ikiwiki -- authentication bypass vulnerability
ikiwiki reports: The ikiwiki maintainers discovered further flaws similar to CVE-2016-9646 in the passwordauth plugin's use of CGI::FormBuilder, with a more serious impact: An attacker who can log in to a site with a password can log in as a different and potentially more privileged user. An...
ikiwiki -- multiple vulnerabilities
Mitre reports: ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page...
WordPress FormBuilder 1.05 Cross Site Scripting
Cross-Site Scripting in FormBuilder WordPress Plugin. Peter Ganzevles, July 2016...
FormBuilder <= 1.05 - Authenticated Reflected Cross-Site Scripting (XSS)
The FormBuilder WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability...
Formbuilder < 0.91 - XSS
The FormBuilder WordPress plugin was affected by an XSS security vulnerability...