CVSS: 9.8EPSS: 15%CPEs: 29EXPL: 2CVE-2010-0288 – dokuwiki 2009-12-25 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0288
15 Feb 2010 — A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010. Una errata en el check del permiso de administrador del plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25b permite a atacantes remotos obtener privlegios y acceder a wikis cerrados editando las r... • https://www.exploit-db.com/exploits/11141 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2010-0289
https://notcve.org/view.php?id=CVE-2010-0289
15 Feb 2010 — Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25c. Permiten a atacant... • http://bugs.splitbrain.org/index.php?do=details&task_id=1853 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 33%CPEs: 3EXPL: 2CVE-2009-1960 – Dokuwiki 2009-02-14 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-1960
06 Jun 2009 — inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs. inc/init.php de DokuWiki 2009-02-14, rc2009-02-06 y rc2009-01-30, cuando register_globals está habilitado, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través del p... • https://www.exploit-db.com/exploits/8781 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 17%CPEs: 2EXPL: 0CVE-2007-3930
https://notcve.org/view.php?id=CVE-2007-3930
21 Jul 2007 — Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain. Conflicto de Interpretación entre Microsoft Internet Explorer y DocuWiki version... • http://bugs.splitbrain.org/index.php?do=details&task_id=1195 •
CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 1CVE-2006-4674
https://notcve.org/view.php?id=CVE-2006-4674
11 Sep 2006 — Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php. Vulnerabilidad de inyección de código estático directo en doku.php en DokuWiki anterior a 30/09/2006 permite a un atacante remoto ejecutar código PHP de su elección a través de la cabecera X-FORWARDED-FOR HTTP, la cual está almancenada en config.php. • http://bugs.splitbrain.org/index.php?do=details&id=906 •
CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 1CVE-2006-4675
https://notcve.org/view.php?id=CVE-2006-4675
11 Sep 2006 — Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors. Vulnerabilidad de actualización de archivo no restringida en lib/exe/media.php en DokuWiki anterior a 09/03/2006 permite a un atacante remoto actualizar archivos ejecutables dentro de la carpeta data/media a través de vectores no especificados. • http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 1CVE-2006-4679
https://notcve.org/view.php?id=CVE-2006-4679
11 Sep 2006 — DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug". DokuWiki anterior al 9/03/2006 habilita la característica de depuración, lo cual permite a un atacante remoto obtener información sensible a través de la llamada a doku.php con la cabecera X-DOKUWIKI-DO HTTP fija el "depurador". • http://retrogod.altervista.org/dokuwiki_2006-03-09b_cmd.html •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2006-2945
https://notcve.org/view.php?id=CVE-2006-2945
12 Jun 2006 — Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors. • http://bugs.splitbrain.org/?do=details&id=825 •
CVSS: 9.8EPSS: 2%CPEs: 27EXPL: 0CVE-2006-2878
https://notcve.org/view.php?id=CVE-2006-2878
07 Jun 2006 — The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier. • http://bugs.splitbrain.org/index.php?do=details&id=823 •