12 matches found
EUVD-2017-1609
Malware in sbrugna...
CVE-2017-1000497
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution...
Open Redirect in sbrl/pepperminty-wiki
Description: I saw this report https://huntr.dev/bounties/89f222e4-2aaa-44f8-8b24-657d3a0e741f/ and this fix commit: https://github.com/sbrl/Pepperminty-Wiki/blob/f59e68127cb4147e49f9453e1f657cc24972fda5/modules/page-login.phpL167 and I found out that you never use the new $returntoredirect...
Cross-site Scripting (XSS) - Reflected in sbrl/pepperminty-wiki
Description: Stored XSS in action. Proof of Concept: 1. Navigate to "index.php?action=alert1;&page=Main Page" 2. See XSS executed. Impact: With this vulnerability, you can run arbitrary JavaScript on all users...
Open Redirect in sbrl/pepperminty-wiki
Description Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain...
Pepperminty Wiki Cross-Site Scripting Vulnerability
Pepperminty Wiki is an open source complete wiki engine contained in a single file. Pepperminty Wiki suffers from a cross-site scripting vulnerability that stems from insufficient cleaning of user-supplied data in the Wiki Name field. An attacker can exploit this vulnerability to inject and execu...
Pepperminty-Wiki XXE Attack Vulnerability
Pepperminty-Wiki is an open source hypertext system. The system supports file uploads, history, and dynamic support. A security vulnerability exists in the 'getsvgsize' function in Pepperminty-Wiki version 0.15. A remote attacker can exploit this vulnerability to cause a denial of service and...
CVE-2017-1000497
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution...
CVE-2017-1000497
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution...
Remote code execution
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution...
CVE-2017-1000497
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution...
CVE-2017-1000497
Pepperminty-Wiki v0.15 is vulnerable to XXE in the getsvgsize function, causing denial of service and possibly remote code execution. No patch/version details are provided in the sources; remediation not specified.