11 matches found
EUVD-2020-0113
Malware in sbrugna...
EUVD-2022-1667
Malicious code in bioql PyPI...
GHSA-FJ26-Q4VH-85F6 MoinMoin Cross-site Scripting (XSS) vulnerability
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog&dialog=attachment via page name component...
GHSA-M9J7-XCJ7-42J9 MoinMoin Cross-site Scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in the reStructuredText rst parser in parser/textrst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some...
GHSA-5JJR-GMQ3-F986 MoinMoin has improper default configuration
The default configuration of cfg.packagepagesactionsexcluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors...
CVE-2012-6495
Multiple directory traversal vulnerabilities in the 1 twikidraw action/twikidraw.py and 2 anywikidraw action/anywikidraw.py actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged wi...
PYSEC-2012-10
security/init.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group...
CVE-2010-0667
Removed by vendor...
CVE-2008-6549
The passwordchecker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service segmentation fault and crash via unknown vectors...
CVE-2008-6548
The rst parser parser/textrst.py in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors...
MoinMoin: Group ACL bypass
Background MoinMoin is a Python clone of WikiWiki, based on PikiPiki. Description MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor. Impact Restrictions on anonymous users were not properly...