Moinmoin@1.6.1 Security Vulnerabilities and Issues — Moinmoin@1.6.1 CVE List

Lucene search

MoinmoMoinmoin1.6.1

11 matches found

CVE•added 2013/01/03 1:55 a.m.•90 views

CVE-2012-6081

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extensio...

6CVSS7.4AI score0.76114EPSS

CVE•added 2010/02/26 7:30 p.m.•67 views

CVE-2010-0717

The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.

7.5CVSS6.3AI score0.00606EPSS

CVE•added 2011/02/22 6:0 p.m.•64 views

CVE-2011-1058

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: s...

2.6CVSS5.4AI score0.00844EPSS

CVE•added 2010/08/05 1:22 p.m.•63 views

CVE-2010-2487

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage...

4.3CVSS5.5AI score0.01315EPSS

CVE•added 2010/02/26 7:30 p.m.•58 views

CVE-2010-0669

MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.

7.5CVSS6.3AI score0.01448EPSS

CVE•added 2010/08/05 1:22 p.m.•58 views

CVE-2010-2969

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CV...

4.3CVSS5.7AI score0.01315EPSS

CVE•added 2013/01/03 1:55 a.m.•56 views

CVE-2012-6495

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be levera...

6CVSS7.2AI score0.76114EPSS

CVE•added 2010/02/26 7:30 p.m.•52 views

CVE-2010-0668

Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.

6.8CVSS6.2AI score0.01554EPSS

CVE•added 2009/03/30 1:30 a.m.•48 views

CVE-2008-6548

The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.

5CVSS6.3AI score0.00228EPSS

CVE•added 2009/04/29 6:30 p.m.•48 views

CVE-2009-1482

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_for...

4.3CVSS5.4AI score0.03091EPSS

CVE•added 2009/03/30 1:30 a.m.•43 views

CVE-2008-6549

The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.

5CVSS6.7AI score0.00543EPSS