71 matches found
Debian DSA-1371-1 : phpwiki - several vulnerabilities
Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-2024 It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file...
[SECURITY] [DSA 1371-1] New phpwiki packages fix several vulnerabilities
Debian Security Advisory DSA 1371-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 11th, 2007 http://www.debian.org/security/faq -...
DSA-1371-1 phpwiki - several vulnerabilities
Bulletin has no description...
CVE-2007-3193
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations...
Authentication flaw
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations...
CVE-2007-3193
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations...
CVE-2007-3193
lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations...
CVE-2007-3193
CVE-2007-3193 affects PhpWiki (lib/WikiUser/LDAP.php) prior to 1.3.13p1, where a configuration with PASSWORD_LENGTH_MINIMUM not set to a nonzero value may allow remote authentication bypass via an empty password, causing ldap_bind to return true on some LDAP implementations. A remote attacker cou...
GLSA-200705-16 : PhpWiki: Remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200705-16 (PhpWiki: Remote execution of arbitrary code). Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file. Impact: A remote attacker could upload a specially crafted PHP file to th...
PhpWiki: Remote execution of arbitrary code
Background: PhpWiki is an open source content management system written in PHP. Description: Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file. Impact: A remote attacker could upload a specially crafted PHP file to the vulnerable server, resulting i...
CVE-2007-2025
Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file...
CVE-2007-2024
Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension...
CVE-2007-2025
Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file...
CVE-2007-2025
Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file...
Unrestricted file upload
Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file...
Unrestricted file upload
Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension...
CVE-2007-2025
Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file...
CVE-2007-2025
CVE-2007-2025: PhpWiki 1.3.11p1’s UpLoad feature (lib/plugin/UpLoad.php) allows unrestricted file uploads due to insufficient file-name validation. An attacker can upload a PHP file with a double extension (e.g., .php.3), which Apache may execute, leading to remote code execution. Remediation in...
CVE-2007-2024
PhpWiki 1.3.x is affected by an Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) that allows remote attackers to upload PHP files with extensions such as php3, php4, or php5. The issue arises from insufficient validation of uploaded file names, enabling potenti...
CVE-2007-2024
Unrestricted file upload vulnerability in the UpLoad feature lib/plugin/UpLoad.php in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension...