17 matches found
EUVD-2022-42550
Malicious code in bioql PyPI...
BIT-DOKUWIKI-2022-3123 Cross-site Scripting (XSS) - Reflected in splitbrain/dokuwiki
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
CVE-2022-3123
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
CVE-2022-3123
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
UBUNTU-CVE-2022-3123
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
CVE-2022-3123
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
Cross site scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
CVE-2022-3123 Cross-site Scripting (XSS) - Reflected in splitbrain/dokuwiki
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
CVE-2022-3123 Cross-site Scripting (XSS) - Reflected in splitbrain/dokuwiki
Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a...
CVE-2022-3123
CVE-2022-3123 : A reflected XSS vulnerability in DokuWiki (splitbrain/dokuwiki) was present prior to 2022-07-31a. Connected sources confirm affected software is DokuWiki and the issue arises from reflected XSS in user input that can be echoed in responses. Multiple advisories indicate fixes/updat...
Improper Access Control in splitbrain/dokuwiki
Description Users can access drafts of restricted files if they have create permissions on the same namespace and have the ability to create their own usernames due to the conflicting cache names. This can reveal draft contents, delete draft and overwrite the draft content of the restricted file...
Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki
Description Although a security token is present in the delete draft POST request, it is not being checked in the backend by checkSecurityToken CSRF checks. Proof of Concept 1: As a logged-in user create a draft page, on the data/cache directory of the server run the command to confirm a draft has...
Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki
Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' Impact This vulnerability is capable of forging users to unintentional logout. More Detail One way GET could be abused here is that a person competito...
Cross-Site Request Forgery (CSRF) in splitbrain/dokuwiki
Description Another low-severity CSRF (last one, I think) identified on styling page. Proof of Concept Requests to the following endpoint used by admins to edit template styling settings do not contain sectok CSRF token POST /doku.php?id=start&do=admin&page=styling Impact This vulnerability is...
CVE-2010-0288
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010...
DocuWiki version 2009-12-25 suffers from directory traversal listing and modification vulnerabilitie
No description provided by source. Reported: 13-01-2010 Patched: 13-01-2010 Released: 14-01-2010 Vulnerable version : http://www.splitbrain.org/media/projects/dokuwiki/dokuwiki-2009-12-25.tgz Patched version: http://www.splitbrain.org/media/projects/dokuwiki/dokuwiki-2009-12-25b.tgz Author:...
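DocuWiki With ImageMagick Remote Command Execution and Denial of Service Vulnerabilities
DocuWiki is a web-based wiki application. DocuWiki has multiple security issues that remote attackers can exploit to carry out denial-of-service and command-execution attacks. The first issue is that image resizing is not limited, which can lead to a denial-of-service attack. When libGD is used (required by default), the required RAM must be calculated first; if there is not enough RAM (typically 8 to 20 MB) available to the PHP process, the function gives up. However, when ImageMagick $conf'imconvert' is used, no such limit exists, allowing an attacker to use this behaviour to consume large amounts of memory and cause a denial of service...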