Page 2 of 19 results (0.001 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. La solución para ikiwiki para CVE-2016-10026 era incompleta, lo que resulta en la omisión de las restricciones de edición para git revert al emplear las versiones de git inferiores a la 2.8.0. Esto se ha solucionado en 3.20161229. • https://ikiwiki.info/security/#cve-2016-9645 https://marc.info/?l=oss-security&m=148304341511854&w=2 https://security-tracker.debian.org/tracker/CVE-2016-9645 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. ikiwiki 3.20161219 no verifica adecuadamente si una revisión cambia los permisos de acceso para una página en sitios con los plugins git y recentchanges y la interfaz CGI habilitados, lo que permite a atacantes remotos revertir ciertos cambios aprovechando permisos para cambiar la página antes de que sea hecha la revisión. • http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed http://www.debian.org/security/2017/dsa-3760 http://www.openwall.com/lists/oss-security/2016/12/21/3 http://www.openwall.com/lists/oss-security/2016/12/29/3 https://ikiwiki.info/security/#index46h2 • CWE-284: Improper Access Control •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. ikiwiki, en versiones anteriores a la 3.20161229, llamó incorrectamente al método CGI::FormBuilder->field (similar a la API CGI->param que desembocó en el CVE-2014-1572 de Bugzilla), que puede aprovecharse para falsificar metadatos del commit. • https://ikiwiki.info/security/#cve-2016-9646 https://marc.info/?l=oss-security&m=148304341511854&w=2 https://security-tracker.debian.org/tracker/CVE-2016-9646 https://www.debian.org/security/2017/dsa-3760 • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 1

A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. Existe un error similar a CVE-2016-9646 en ikiwiki, en versiones anteriores a la 3.20170111, en el uso del plugin passwordauth de CGI::FormBuilder. Esto permite que un atacante omita la autenticación mediante parámetros repetidos. • http://www.securityfocus.com/bid/95420 https://ikiwiki.info/security/#cve-2017-0356 https://marc.info/?l=oss-security&m=148418234314276&w=2 https://www.debian.org/security/2017/dsa-3760 • CWE-287: Improper Authentication •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. Vulnerabilidad de XSS en la función cgierror en CGI.pm en ikiwiki en versiones anteriores a 3.20160506 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados que implican un mensaje de error. • http://ikiwiki.info/security/#index43h2 http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7 http://www.debian.org/security/2016/dsa-3571 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •