11 matches found
EUVD-2010-0006
Malware in sbrugna...
EUVD-2022-3375
Malicious code in bioql PyPI...
EUVD-2022-3012
Malicious code in bioql PyPI...
GHSA-5M2M-27CG-7V4V MoinMoin Cross-site Scripting (XSS) vulnerability
Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to 1 Page.py, 2 PageEditor.py, 3 PageGraphicalEditor.py, 4 action/CopyPage.py, 5...
GHSA-6GX4-29V9-G9Q5 MoinMoin Multiple vulnerable to directory traversal
Multiple directory traversal vulnerabilities in the 1 twikidraw action/twikidraw.py and 2 anywikidraw action/anywikidraw.py actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged wi...
GHSA-574F-MH6M-C6QM MoinMoin has multiple vulnerabilities related to superuser list, xmlrpc and OpenID configuration
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured...
GHSA-M84W-VGWF-P893 MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via 1 the page info, or the page name in a 2 AttachFile, 3 RenamePage, or 4 LocalSiteMap action...
USN-1680-1: MoinMoin vulnerabilities
It was discovered that MoinMoin did not properly sanitize its input when processing AnyWikiDraw and TWikiDraw actions. A remote attacker with write access could exploit this to overwrite arbitrary files and execute arbitrary code with the priviliges of the web server user 'www-data'. It was...
CVE-2010-2970
Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to 1 action/SlideShow.py, 2 action/anywikidraw.py, and 3 action/languagesetup.py, a similar issue to CVE-2010-2487...
CVE-2009-4762
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603...
CVE-2007-0857
Multiple cross-site scripting XSS vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via 1 the page info, or the page name in a 2 AttachFile, 3 RenamePage, or 4 LocalSiteMap action...