10 matches found
EUVD-2013-5426
Malware in sbrugna...
EUVD-2007-2544
Malware in sbrugna...
EUVD-2007-2606
Malware in sbrugna...
EUVD-2011-4381
Malware in sbrugna...
EUVD-2007-2545
Malware in sbrugna...
EUVD-2006-7032
Malware in sbrugna...
CVE-2011-4451
libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spamlogging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlogpath file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the...
CVE-2011-4452
Cross-site request forgery CSRF vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an image action...
CVE-2011-4450
Directory traversal vulnerability in handlers/files.xml/files.xml.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to read or delete arbitrary files via a non-initial .. dot dot in the file parameter, as demonstrated by the /../../wikka.config.php pathname in a download action...
CVE-2011-4449
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANETMODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a...