9 matches found
MoinMoin Improper Access Control
macroGetval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. The issue has been fixed on 4a7de0173734...
CVE-2008-1098
Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 certain input processed by formatter/textgedit.py aka the gui editor formatter; 2 a page name, which triggers an injection in PageEditor.py when the...
CVE-2008-0781
Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 message, 2 pagename, and 3 target filenames...
Code injection
macroGetval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 certain input processed by formatter/textgedit.py aka the gui editor formatter; 2 a page name, which triggers an injection in PageEditor.py when the...
CVE-2008-1098
Removed by vendor...
CVE-2008-1099
Removed by vendor...
CVE-2008-0782
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...
CVE-2008-0782
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot in the MOINID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter...