14 matches found
EUVD-2009-4058
Malware in sbrugna...
CVE-2009-4088
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to...
CVE-2009-4090
Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte...
CVE-2009-4087
Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2009-4089
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
Directory traversal
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to...
CVE-2009-4087
The CVE-2009-4087 issue affects Telepark.wiki, specifically the index.php entry point for version 2.4.23 and earlier. The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via PATH_INFO. The OpenVAS and NVD records corroborate a...
CVE-2009-4089
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php...
CVE-2009-4089
Telepark.wiki versions 2.4.23 and earlier are affected. Affected component: ajax/deletePage.php (modified pageID) allows deletion of arbitrary pages; ajax/deleteComment.php (modified pageID) allows deletion of arbitrary comments. Root cause: insufficient access control in Telepark.wiki web endpoi...
CVE-2009-4088
Telepark.wiki is affected by multiple directory traversal vulnerabilities (Telepark.wiki 2.4.23 and earlier). The issues arise from directory traversal sequences in the css parameter to getjs.php and getcsslocal.php, enabling remote attackers to read arbitrary files, and from the group parameter ...
CVE-2009-4087
Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2009-4090
CVE-2009-4090 affects Telepark.wiki prior to or equal to 2.4.23. The flaw is an unrestricted file upload in ajax/addComment.php that allows an attacker to upload a file with a NULL byte in the name, enabling remote code execution. Multiple connected sources (NVD entry, OpenVAS NASL, CVE mirrors) ...
CVE-2009-4090
Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte...