CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8761 – Debian Security Advisory 3059-1
https://notcve.org/view.php?id=CVE-2014-8761
22 Oct 2014 — inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call. inc/template.php en DokuWiki anterior a 2014-05-05a solamente comprueba para el acceso al espacio de nombre root, lo que permite a atacantes remotos acceder a imágenes arbitrarias a través de una llamada ajax para detalles de ficheros de los medios. Two vulnerabilities have been discovered in dokuwiki. Access control in the... • http://advisories.mageia.org/MGASA-2014-0438.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2014-8763 – Debian Security Advisory 3059-1
https://notcve.org/view.php?id=CVE-2014-8763
22 Oct 2014 — DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. DokuWiki anterior a 2014-05-05b, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de una contraseña que empiece por un caracter nulo (\0) y un nombre de usuario válido, lo que provoca un bind no ... • http://advisories.mageia.org/MGASA-2014-0438.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2014-8764 – Debian Security Advisory 3059-1
https://notcve.org/view.php?id=CVE-2014-8764
22 Oct 2014 — DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind. DokuWiki 2014-05-05a y anteriores, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de un nombre de usuario y una contraseña que empiece por un caracter nulo (\0), lo que provoca un bind anónimo. Two vuln... • http://advisories.mageia.org/MGASA-2014-0438.html • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2012-0283
https://notcve.org/view.php?id=CVE-2012-0283
13 Jul 2012 — Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función tpl_mediaFileList en inc/template.php en DokuWiki anterior a 2012-01-25b, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetr... • http://bugs.dokuwiki.org/index.php?do=details&task_id=2561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2011-2510
https://notcve.org/view.php?id=CVE-2011-2510
14 Jul 2011 — Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad RSS dentro de DokuWiki anterior a v2011-05-25a Rincewind permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un link. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 8%CPEs: 29EXPL: 2CVE-2010-0287 – dokuwiki 2009-12-25 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0287
15 Feb 2010 — Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter. Vulnerabilidad de salto de directorio en el plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25b permite a usuarios remotos listar los contenidos de directorios de su elección a través de .. (punto punto) en el parámetro ns. • https://www.exploit-db.com/exploits/11141 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 15%CPEs: 29EXPL: 2CVE-2010-0288 – dokuwiki 2009-12-25 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0288
15 Feb 2010 — A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010. Una errata en el check del permiso de administrador del plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25b permite a atacantes remotos obtener privlegios y acceder a wikis cerrados editando las r... • https://www.exploit-db.com/exploits/11141 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2010-0289
https://notcve.org/view.php?id=CVE-2010-0289
15 Feb 2010 — Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25c. Permiten a atacant... • http://bugs.splitbrain.org/index.php?do=details&task_id=1853 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 17%CPEs: 2EXPL: 0CVE-2007-3930
https://notcve.org/view.php?id=CVE-2007-3930
21 Jul 2007 — Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain. Conflicto de Interpretación entre Microsoft Internet Explorer y DocuWiki version... • http://bugs.splitbrain.org/index.php?do=details&task_id=1195 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2006-6965
https://notcve.org/view.php?id=CVE-2006-6965
29 Jan 2007 — CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks. Vulnerabilidad de inyección CRLF en lib/exe/fetch.php en DokuWiki 2006-03-09e, y posiblemente anteriores, permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de división de respuest... • http://osvdb.org/31620 •