CVE-2014-8761
https://notcve.org/view.php?id=CVE-2014-8761
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call. inc/template.php en DokuWiki anterior a 2014-05-05a solamente comprueba para el acceso al espacio de nombre root, lo que permite a atacantes remotos acceder a imágenes arbitrarias a través de una llamada ajax para detalles de ficheros de los medios. • http://advisories.mageia.org/MGASA-2014-0438.html http://secunia.com/advisories/61983 http://www.debian.org/security/2014/dsa-3059 http://www.openwall.com/lists/oss-security/2014/10/13/3 http://www.openwall.com/lists/oss-security/2014/10/16/9 https://bugs.dokuwiki.org/index.php?do=details&task_id=2647#comment6204 https://github.com/splitbrain/dokuwiki/issues/765 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-8764
https://notcve.org/view.php?id=CVE-2014-8764
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind. DokuWiki 2014-05-05a y anteriores, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de un nombre de usuario y una contraseña que empiece por un caracter nulo (\0), lo que provoca un bind anónimo. • http://advisories.mageia.org/MGASA-2014-0438.html http://secunia.com/advisories/61983 http://www.debian.org/security/2014/dsa-3059 http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication http://www.openwall.com/lists/oss-security/2014/10/13/3 http://www.openwall.com/lists/oss-security/2014/10/16/9 https://github.com/splitbrain/dokuwiki/pull/868 • CWE-287: Improper Authentication •
CVE-2014-8762
https://notcve.org/view.php?id=CVE-2014-8762
The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter. La función ajax_mediadiff en DokuWiki anterior a 2014-05-05a permite a atacantes remotos acceder a imágenes arbitrarias a través de un espacio de nombre manipulado en el parámetro ns. • http://advisories.mageia.org/MGASA-2014-0438.html http://secunia.com/advisories/61983 http://www.debian.org/security/2014/dsa-3059 http://www.openwall.com/lists/oss-security/2014/10/13/3 http://www.openwall.com/lists/oss-security/2014/10/16/9 http://www.securityfocus.com/bid/70404 https://github.com/splitbrain/dokuwiki/issues/765 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-8763
https://notcve.org/view.php?id=CVE-2014-8763
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. DokuWiki anterior a 2014-05-05b, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de una contraseña que empiece por un caracter nulo (\0) y un nombre de usuario válido, lo que provoca un bind no autenticado. • http://advisories.mageia.org/MGASA-2014-0438.html http://secunia.com/advisories/61983 http://www.debian.org/security/2014/dsa-3059 http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication http://www.openwall.com/lists/oss-security/2014/10/13/3 http://www.openwall.com/lists/oss-security/2014/10/16/9 https://github.com/splitbrain/dokuwiki/pull/868 • CWE-287: Improper Authentication •
CVE-2012-2129
https://notcve.org/view.php?id=CVE-2012-2129
Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action. Vulnerabilidad de ejecución de ejecución de comandos en sitios cruzados (XSS) en doku.php en DokuWiki 2012-01-25 Angua permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de destino en una acción de edición. • http://bugs.dokuwiki.org/index.php?do=details&task_id=2487 http://ircrash.com/uploads/dokuwiki.txt http://seclists.org/bugtraq/2012/Apr/121 http://secunia.com/advisories/48848 http://www.openwall.com/lists/oss-security/2012/04/22/4 http://www.openwall.com/lists/oss-security/2012/04/23/1 http://www.securityfocus.com/bid/53041 https://bugs.gentoo.org/show_bug.cgi?id=412891 https://bugzilla.redhat.com/show_bug.cgi?id=815122 https://exchange.xforce.ibmcloud.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •