CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8763 – Debian Security Advisory 3059-1
https://notcve.org/view.php?id=CVE-2014-8763
22 Oct 2014 — DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. DokuWiki anterior a 2014-05-05b, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de una contraseña que empiece por un caracter nulo (\0) y un nombre de usuario válido, lo que provoca un bind no ... • http://advisories.mageia.org/MGASA-2014-0438.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8762 – Debian Security Advisory 3059-1
https://notcve.org/view.php?id=CVE-2014-8762
22 Oct 2014 — The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter. La función ajax_mediadiff en DokuWiki anterior a 2014-05-05a permite a atacantes remotos acceder a imágenes arbitrarias a través de un espacio de nombre manipulado en el parámetro ns. Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Activ... • http://advisories.mageia.org/MGASA-2014-0438.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8761 – Debian Security Advisory 3059-1
https://notcve.org/view.php?id=CVE-2014-8761
22 Oct 2014 — inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call. inc/template.php en DokuWiki anterior a 2014-05-05a solamente comprueba para el acceso al espacio de nombre root, lo que permite a atacantes remotos acceder a imágenes arbitrarias a través de una llamada ajax para detalles de ficheros de los medios. Two vulnerabilities have been discovered in dokuwiki. Access control in the... • http://advisories.mageia.org/MGASA-2014-0438.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2012-0283
https://notcve.org/view.php?id=CVE-2012-0283
13 Jul 2012 — Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función tpl_mediaFileList en inc/template.php en DokuWiki anterior a 2012-01-25b, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetr... • http://bugs.dokuwiki.org/index.php?do=details&task_id=2561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2011-2510
https://notcve.org/view.php?id=CVE-2011-2510
14 Jul 2011 — Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad RSS dentro de DokuWiki anterior a v2011-05-25a Rincewind permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un link. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2010-0289
https://notcve.org/view.php?id=CVE-2010-0289
15 Feb 2010 — Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25c. Permiten a atacant... • http://bugs.splitbrain.org/index.php?do=details&task_id=1853 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 2CVE-2010-0287 – dokuwiki 2009-12-25 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0287
15 Feb 2010 — Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter. Vulnerabilidad de salto de directorio en el plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25b permite a usuarios remotos listar los contenidos de directorios de su elección a través de .. (punto punto) en el parámetro ns. • https://www.exploit-db.com/exploits/11141 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 29EXPL: 2CVE-2010-0288 – dokuwiki 2009-12-25 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0288
15 Feb 2010 — A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010. Una errata en el check del permiso de administrador del plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25b permite a atacantes remotos obtener privlegios y acceder a wikis cerrados editando las r... • https://www.exploit-db.com/exploits/11141 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 14%CPEs: 2EXPL: 0CVE-2007-3930
https://notcve.org/view.php?id=CVE-2007-3930
21 Jul 2007 — Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain. Conflicto de Interpretación entre Microsoft Internet Explorer y DocuWiki version... • http://bugs.splitbrain.org/index.php?do=details&task_id=1195 •
CVSS: 9.8EPSS: 2%CPEs: 27EXPL: 1CVE-2006-4674
https://notcve.org/view.php?id=CVE-2006-4674
11 Sep 2006 — Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php. Vulnerabilidad de inyección de código estático directo en doku.php en DokuWiki anterior a 30/09/2006 permite a un atacante remoto ejecutar código PHP de su elección a través de la cabecera X-FORWARDED-FOR HTTP, la cual está almancenada en config.php. • http://bugs.splitbrain.org/index.php?do=details&id=906 •