CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8762
https://notcve.org/view.php?id=CVE-2014-8762
The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter. La función ajax_mediadiff en DokuWiki anterior a 2014-05-05a permite a atacantes remotos acceder a imágenes arbitrarias a través de un espacio de nombre manipulado en el parámetro ns. • http://advisories.mageia.org/MGASA-2014-0438.html http://secunia.com/advisories/61983 http://www.debian.org/security/2014/dsa-3059 http://www.openwall.com/lists/oss-security/2014/10/13/3 http://www.openwall.com/lists/oss-security/2014/10/16/9 http://www.securityfocus.com/bid/70404 https://github.com/splitbrain/dokuwiki/issues/765 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8763
https://notcve.org/view.php?id=CVE-2014-8763
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. DokuWiki anterior a 2014-05-05b, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de una contraseña que empiece por un caracter nulo (\0) y un nombre de usuario válido, lo que provoca un bind no autenticado. • http://advisories.mageia.org/MGASA-2014-0438.html http://secunia.com/advisories/61983 http://www.debian.org/security/2014/dsa-3059 http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication http://www.openwall.com/lists/oss-security/2014/10/13/3 http://www.openwall.com/lists/oss-security/2014/10/16/9 https://github.com/splitbrain/dokuwiki/pull/868 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8764
https://notcve.org/view.php?id=CVE-2014-8764
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind. DokuWiki 2014-05-05a y anteriores, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de un nombre de usuario y una contraseña que empiece por un caracter nulo (\0), lo que provoca un bind anónimo. • http://advisories.mageia.org/MGASA-2014-0438.html http://secunia.com/advisories/61983 http://www.debian.org/security/2014/dsa-3059 http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication http://www.openwall.com/lists/oss-security/2014/10/13/3 http://www.openwall.com/lists/oss-security/2014/10/16/9 https://github.com/splitbrain/dokuwiki/pull/868 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2012-0283
https://notcve.org/view.php?id=CVE-2012-0283
Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función tpl_mediaFileList en inc/template.php en DokuWiki anterior a 2012-01-25b, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro ns en una acción medialist para lib/exe/ajax.php. • http://bugs.dokuwiki.org/index.php?do=details&task_id=2561 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html http://secunia.com/secunia_research/2012-24 http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.securityfocus.com/bid/54439 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2011-2510
https://notcve.org/view.php?id=CVE-2011-2510
Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad RSS dentro de DokuWiki anterior a v2011-05-25a Rincewind permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un link. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062380.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062389.html http://secunia.com/advisories/45009 http://secunia.com/advisories/45190 http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-366/CERTA-2011-AVI-366.html http://www.debian.org/security/2011/dsa-2320 http://www.dokuwiki • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •