Lucene search
K

4 matches found

NVD
NVD
added 2014/12/31 9:59 p.m.20 views

CVE-2014-9367

Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting XSS attacks via a "'" single quote in the scope parameter to do/view/TWiki/WebSearch...

4.3CVSS5.7AI score0.01903EPSS
Exploits2References4
Prion
Prion
added 2014/12/31 9:59 p.m.23 views

Cross site scripting

Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting XSS attacks via a "'" single quote in the scope parameter to do/view/TWiki/WebSearch...

4.3CVSS6AI score0.01903EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2014/10/16 12:0 a.m.30 views

CVE-2014-7237

lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte %00 in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code...

7.4AI score0.20059EPSS
Exploits3References4
0day.today
0day.today
added 2014/10/10 12:0 a.m.73 views

Twiki Perl 4.x, 5.x, 6.x Upload Bypass / Code Execution Vulnerabilities

The debugenableplugins request parameter in Twiki versions 4.x, 5.x, and 6.0.0 allows arbitrary Perl code execution and suffer from a file upload bypass vulnerability. This is an advisory for TWiki administrators: The debugenableplugins request parameter allows arbitrary Perl code execution...

6.8CVSS0.1AI score0.55637EPSS
Exploits14
Rows per page
Query Builder