CVE-2010-0668
- EPSS 2.18%
- Veröffentlicht 26.02.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:37
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages acti...
- EPSS 1.87%
- Veröffentlicht 26.02.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:37
MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2009-1482
- EPSS 2.48%
- Veröffentlicht 29.04.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:21
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors...
CVE-2008-6603
- EPSS 1.64%
- Veröffentlicht 03.04.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:02:33
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
- EPSS 1%
- Veröffentlicht 30.03.2009 01:30:00
- Zuletzt bearbeitet 16.06.2026 23:02:25
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
- EPSS 1.48%
- Veröffentlicht 30.03.2009 01:30:00
- Zuletzt bearbeitet 16.06.2026 23:02:26
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via u...