PmWiki Pagelist 'order' Parameter PHP Code Injection Vulnerability

The host is running PmWiki and is prone to PHP code injection vulnerability. OpenVAS Vulnerability Test $Id: secpodpmwikipagelistorderparamphpcodeinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ PmWiki Pagelist 'order' Parameter PHP Code Injection Vulnerability Authors: Sooraj KS Copyright:...

PmWiki 2.0.x < 2.2.35 PHP Code Injection Vulnerability - Active Check

PmWiki is prone to a PHP code injection vulnerability. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you ca...

PmWiki &lt;= 2.2.34 &#40;pagelist&#41; Remote PHP Code Injection Vulnerability

------------------------------------------------------------------- PmWiki = 2.2.34 pagelist Remote PHP Code Injection Vulnerability ------------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................: n0b0d13satgmaildotcom...

PmWiki 2.2.34 - pagelist Remote PHP Code Injection (1)

PmWiki 2.2.34 - pagelist Remote PHP Code Injection 1 $r 454. if @$PageListSortCmp$o 455. $code .= "$c = $PageListSortCmp$o; "; 456. else 457. $code .= "$c = @strcasecmp$PCache$x'$o',$PCache$y'$o'; "; 458. $code .= "if $c return $r$c;\n"; 459. 460. StopWatch'PageListSort sort'; 461. if $code...

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit

Exploit for php platform in category web applications $r 454. if @$PageListSortCmp$o 455. $code .= "$c = $PageListSortCmp$o; "; 456. else 457. $code .= "$c = @strcasecmp$PCache$x'$o',$PCache$y'$o'; "; 458. $code .= "if $c return $r$c;\n"; 459. 460. StopWatch'PageListSort sort'; 461. if...

BlogIt <= 1.6.0 Php Code Injection Vulnerability

Exploit for php platform in category web applications =================================================================== BlogIt Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 0 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1 + Discovered B...

PmWiki Cross Site Scripting

Hi you can xss pmwiki like this: http://dtcsupport.gplhost.com/Main/WikiSandbox?from=%22/%3E%3Cbody%20onload=alert%281%29%3E Also the above it seems to behave differently across versions of pmwiki. If it doesn't work ...html injection like this should:...

PmWiki Table Feature 'width' Parameter Cross-site scripting vulnerability

The host is running PmWiki and is prone to cross-site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbpmwikixssvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ PmWiki Table Feature 'width' Parameter Cross-site scripting vulnerability Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone...

PmWiki Detection (HTTP)

HTTP based detection of PmWiki. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.801209";...

PmWiki < 2.2.16 XSS Vulnerability

PmWiki is prone to a cross-site scripting XSS vulnerability. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

CVE-2010-1481

Cross-site scripting XSS vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute...

CVE-2010-1481

The CVE-2010-1481 entry concerns the PmWiki table feature vulnerability in PmWiki 2.2.15. The root cause is that the width parameter is not properly escaped, allowing XSS to be injected by remote authenticated users via the table width attribute. Affected software: PmWiki 2.2.15. Impact: cross-si...

pmwiki: persistent cross site scripting &#40;XSS&#41;, CVE-2010-1481

pmwiki: persistent cross site scripting XSS, CVE-2010-1481 References https://vulners.com/cve/CVE-2010-1481 http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html Description The table feature of pmwiki is vulnerable to persistent cross site scripting XSS. The value of the width-parameter is not...

Pmwiki Cross Site Scripting

pmwiki: persistent cross site scripting XSS, CVE-2010-1481 References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1481 http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html Description The table feature of pmwiki is vulnerable to persistent cross site scripting XSS. The value of the...

PmWiki表格标记脚本注入漏洞

PmWiki是一种基于Wiki技术的开源多人协作站点创建和维护工具。 PmWiki没有验证各种表格标记的输入，允许攻击者注入任意HTML和脚本代码。如果受害用户浏览了这些代码的话，就会导致在浏览器会话中执行。 Patrick Michaud PmWiki 2.1.17 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.pmichaud.com/wiki/PmWiki/Download...

PmWiki < 2.1.21 Global Variables Overwriting

The version of PmWiki installed on the remote host contains a programming flaw in 'pmwiki.php' that may allow an unauthenticated remote attacker to overwrite global variables used by the application, which could in turn be exploited to execute arbitrary PHP code on the affected host, subject to t...

PmWiki 2.1.19 - Zend_Hash_Del_Key_Or_Index Remote Command Execution

PmWiki 2.1.19 - ZendHashDelKeyOrIndex Remote Command Execution !/usr/bin/php -q -d shortopentag=on -------------------------------------------------------------------------------- '; die; errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout",5...

PmWiki 2.1.19 - &#039;Zend_Hash_Del_Key_Or_Index&#039; Remote Command Execution

!/usr/bin/php -q -d shortopentag=on -------------------------------------------------------------------------------- '; die; errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout",5; function quickdump$...

PmWiki <= 2.1.19 (Zend_Hash_Del_Key_Or_Index) Remote Exploit

Exploit for unknown platform in category web applications ============================================================ PmWiki -------------------------------...

CVE-2006-4453

Cross-site scripting XSS vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups"...