CVSS: 7.5EPSS: 1%CPEs: 46EXPL: 0CVE-2010-0669
https://notcve.org/view.php?id=CVE-2010-0669
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors. MoinMoin anteriores a v1.8.7 y 1.9.x anteriores a v1.9.2 no sanea de forma adecuada los perfiles de usuario, lo que tiene un impacto y efectos desconocidos. • http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES http://moinmo.in/MoinMoinRelease1.8 http://moinmo.in/SecurityFixes http://secunia.com/advisories/38444 http://secunia.com/advisories/38903 http://www.debian.org/security/2010/dsa-2014 http://www.openwall.com/lists/oss-security/2010/02/15/2 http://www.openwall.com/lists/oss-security/2010/02/15/4 http://www.openwall.com/lists/oss-security/2010/02/21/2 http://www.securityfocus.com/bid/38023&# •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2010-0717
https://notcve.org/view.php?id=CVE-2010-0717
The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors. La configuración por defecto de cfg.packagepages_actions_excluded en MoinMoin anteriores v1.8.7 no previene acciones inseguras, que tiene un impacto y vectores de ataque no especificados. • http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES http://moinmo.in/MoinMoinRelease1.8 http://secunia.com/advisories/38903 http://www.debian.org/security/2010/dsa-2014 http://www.openwall.com/lists/oss-security/2010/02/15/2 http://www.vupen.com/english/advisories/2010/0600 https://exchange.xforce.ibmcloud.com/vulnerabilities/56595 • CWE-16: Configuration •
CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 1CVE-2009-1482
https://notcve.org/view.php?id=CVE-2009-1482
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py en MoinMoin v1.8.2 y anteriores permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a través de (1) una sub-acción AttachFile en la función error_msg o (2) múltiples vectores relacionados con los errores de empaquetado de ficheros en la función upload_form, diferentes vectores que CVE-2009-0260. • http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1 http://moinmo.in/SecurityFixes http://secunia.com/advisories/34821 http://secunia.com/advisories/34945 http://secunia.com/advisories/35024 http://www.debian.org/security/2009/dsa-1791 http://www.securityfocus.com/bid/34631 http://www.ubuntu.com/usn/USN-774-1 http://www.vupen.com/english/advisories/2009/1119 https://exchange.xforce.ibmcloud.com/vulnerabilities/50356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2008-6548
https://notcve.org/view.php?id=CVE-2008-6548
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors. El analizador rst (parser/text_rst.py) en MoinMoin v1.6.1 no valida adecuadamente las ACL de la página web incluida , lo que permite a atacantes leer archivos sin autorización a través de vectores no especificados. • http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 http://moinmo.in/SecurityFixes http://osvdb.org/48877 • CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-6549
https://notcve.org/view.php?id=CVE-2008-6549
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. La función password_checker en config/multiconfig.py en MoinMoin v1.6.1 utiliza la característica cracklib y python-crack incluso cuando ambas no están como "thread-safe", lo que permite a atacantes remotos provocar una denegación de servicio (falta de segmentación y caída) a través de vectores desconocidos. • http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 http://moinmo.in/SecurityFixes http://osvdb.org/48876 •