Twiki

29 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

Exploit
  • EPSS 8.72%
  • Published 20.05.2011 22:55:05
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.

Exploit
  • EPSS 0.17%
  • Published 18.10.2010 17:00:04
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.

  • EPSS 0.13%
  • Published 07.09.2010 17:00:01
  • Last modified 11.04.2025 00:51:21

Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM...

Exploit
  • EPSS 0.36%
  • Published 30.04.2009 20:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of...

  • EPSS 2.94%
  • Published 10.12.2008 00:30:00
  • Last modified 09.04.2025 00:30:58

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.

Exploit
  • EPSS 5.52%
  • Published 10.12.2008 00:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.

  • EPSS 0.12%
  • Published 07.11.2008 19:36:24
  • Last modified 09.04.2025 00:30:58

postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid."

  • EPSS 57.51%
  • Published 18.09.2008 15:04:27
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, an...

  • EPSS 0.23%
  • Published 04.10.2007 16:17:00
  • Last modified 09.04.2025 00:30:58

The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive informa...

  • EPSS 0.11%
  • Published 08.02.2007 22:28:00
  • Last modified 09.04.2025 00:30:58

Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.