Page 2 of 15 results (0.004 seconds)

CVSS: 6.0EPSS: 3%CPEs: 79EXPL: 3

CVE-2012-6495 – MoinMoin - twikidraw Action Traversal Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2012-6495

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code. Múltiples vulnerabilidades de salto de directorio en (1) twikidraw (acction/twikidraw.py) y (2) anywikidraw (acction/anywikidraw.py), acciones en MoinMoin antes de v1.9.6 a usuarios remotos autenticados con permisos de escritura sobrescribir archivos arbitrarios a través de vectores no especificados. NOTA: esto puede ser aprovechado con CVE-2012-6081 para ejecutar código arbitrario. • https://www.exploit-db.com/exploits/26422 https://www.exploit-db.com/exploits/25304 http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f http://moinmo.in/MoinMoinRelease1.9 http://moinmo.in/SecurityFixes http://secunia.com/advisories/51696 http://ubuntu.com/usn/usn-1680-1 http://www.debian.org/security/2012/dsa-2593 http://www.openwall.com/lists/oss-security/2012/12/29/6 http://www.openwall.com/lists/oss-security/2012/12/30/4 https://bugs.launchpad.net • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2012-4404

https://notcve.org/view.php?id=CVE-2012-4404

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group. security/__init__.py en MoinMoin v1.9 hasta v1.9.4 no trata correctamente los nombres de los grupos que contienen nombres de grupos virtuales tales como "All", "Known", o "Trusted", lo que permite ser tratados como miembros del grupo no-virtual a usuarios remotos autenticados que pertenezcan a un grupo virtual. • http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16 http://moinmo.in/SecurityFixes http://secunia.com/advisories/50474 http://secunia.com/advisories/50496 http://secunia.com/advisories/50885 http://www.debian.org/security/2012/dsa-2538 http://www.openwall.com/lists/oss-security/2012/09/04/4 http://www.openwall.com/lists/oss-security/2012/09/05/2 http://www.ubuntu.com/usn/USN-1604-1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.6EPSS: 0%CPEs: 76EXPL: 0

CVE-2011-1058

https://notcve.org/view.php?id=CVE-2011-1058

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de tipo cross-site scripting (XSS) en el analizador reStructuredText (rst) en parser/text_rst.py en MoinMoin anterior a versión 1.9.3, cuando es instalado docutils o cuando se establece "format rst", permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de una URL javascript: en el atributo refuri. NOTA: algunos de estos datos se obtienen de la información de terceros. • http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html http://moinmo.in/SecurityFixes http://secunia.com/advisories/43413 http://secunia.com/advisories/43665 http://secunia.com/advisories/50885 http://www.debian.org/security/2011/dsa-2321 http://www.securityfocus.com/bid/46476 http://www.ubuntu.com/usn • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 67EXPL: 0

CVE-2010-2969

https://notcve.org/view.php?id=CVE-2010-2969

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin v1.7.x y anteriores permite a atacantes remotos inyectar código web o HTML de su elección a travé de contenido manipulado, relacionado con (1) action/LikePages.py, (2) action/chart.py, y (3) action/userprofile.py, un tema similar a CVE-2010-2487. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 http://hg.moinmo.in/moin/1.7/rev/37306fba2189 http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES http://hg.moinmo.in/moin/1.9/rev/e50b087c4572 http://marc.info/?l=oss-security&m=127799369406968&w=2 http://marc.info/?l=oss-security&m=127809682420259&w=2 http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg http://moinmo.in/MoinMoinRelease1.9 http://moinmo.in/SecurityFixes http://s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2010-2970

https://notcve.org/view.php?id=CVE-2010-2970

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin v1.9.x anterior v1.9.3 permite a atacantes remotos inyectar código web o HTML de su elección a travé de contenido manipulado, relacionado con (1) action/SlideShow.py, (2) action/anywikidraw.py, y (3) action/language_setup.py, un tema similar a CVE-2010-2487. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb http://hg.moinmo.in/moin/1.9/rev/e50b087c4572 http://marc.info/?l=oss-security&m=127799369406968&w=2 http://marc.info/?l=oss-security&m=127809682420259&w=2 http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg http://moinmo.in/MoinMoinRelease1.9 http://moinmo.in/SecurityFixes http://s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •