CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2013-1751
https://notcve.org/view.php?id=CVE-2013-1751
07 Nov 2019 — TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. TWiki versiones anteriores a 5.1.4, permite a atacantes remotos ejecutar comandos de shell arbitrarios mediante el envío de un valor del parámetro "%MAKETEXT{}%" diseñado que contiene caracteres Perl backtick. • http://www.securitytracker.com/id/1028149 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 84%CPEs: 7EXPL: 6CVE-2014-7236 – TWiki Debugenableplugins - Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-7236
10 Oct 2014 — Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. Una vulnerabilidad de inyección Eval en la biblioteca lib/TWiki/Plugins.pm en TWiki versiones anteriores a 6.0.1, permite a atacantes remotos ejecutar código de Perl arbitrario por medio del parámetro debugenableplugins en el archivo do/view/Main/WebHome. TWiki versions 4.0.x through 6.0.0 contain a vulnerability in th... • https://packetstorm.news/files/id/128623 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 26%CPEs: 2EXPL: 4CVE-2014-7237 – Twiki Upload Bypass
https://notcve.org/view.php?id=CVE-2014-7237
10 Oct 2014 — lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code. lib/TWiki/Sandbox.pm en TWiki 6.0.0 y anteriores, cuando se ejecuta en Windows, permite a atacantes remotos evadir las restricciones de acceso y subir ficheros con nombres restringidos a través un byte nulo (%00) en el nom... • https://packetstorm.news/files/id/128622 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 73%CPEs: 16EXPL: 1CVE-2012-6330 – Foswiki MAKETEXT - Remote Command Execution
https://notcve.org/view.php?id=CVE-2012-6330
04 Jan 2013 — The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro. La funcionalidad de localización en TWiki anteriores a v5.1.3, y Foswiki v1.0.x hasta v1.0.10 y v1.1.x hasta v1.1.6, permite a atacantes remotos a provocar una denegación de servicio (consumo de memoria)a través de un entero largo en una macro %MAKETEXT%. • https://www.exploit-db.com/exploits/23580 • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 4CVE-2010-3841 – TWiki 5.0 - '/bin/view?rev' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-3841
18 Oct 2010 — Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en lib/TWiki.pm de TWiki en versiones anteriores a la v5.0.1 permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de (1) el parámetro rev al script ... • https://www.exploit-db.com/exploits/34842 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 21EXPL: 2CVE-2008-5304 – TWiki 4.x - 'URLPARAM' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5304
10 Dec 2008 — Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en TWiki anterior a v4.2.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la variable %URLPARAM{}%. • https://www.exploit-db.com/exploits/32646 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 1CVE-2006-3336
https://notcve.org/view.php?id=CVE-2006-3336
05 Jul 2006 — TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. Vulnerabilidad en TWiki desde la versión del 01-Dic-2000 hasta la versión v4.0.3 que permite a atacantes remotos saltarse el "upload filter" (filtro o control de subida) y ejecutar código de s... • http://secunia.com/advisories/20992 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2006-1387
https://notcve.org/view.php?id=CVE-2006-1387
26 Mar 2006 — TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself. • http://secunia.com/advisories/19410 •