Page 3 of 17 results (0.003 seconds)

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603. MoinMoin v1.7.x anteriores a la v1.7.3 y v1.8.x anteriores a la v1.8.3 chequea ACLs (listas de control de acceso) del elemento padre en algunas circunstacias inapropiadas durante el procesado de ACLs jerárquicas, lo que permite a atacantes remotos evitar las restricciones de acceso previstas al solicitar un objeto. Es una vulnerabilidad distanta a la CVE-2008-6603. • http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2 http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2 http://moinmo.in/SecurityFixes http://secunia.com/advisories/39887 http://ubuntu.com/usn/usn-941-1 http://www.debian.org/security/2010/dsa-2014 http://www.securityfocus.com/bid/35277 http://www.vupen.com/english/advisories/2010/0600 http://www.vupen.com/english/advisories/2010/1208 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 1%CPEs: 46EXPL: 0

Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. Vulnerabilidad no especificada en MoinMoin v1.5.x hasta v1.7.x, v1.8.x anteriores a v1.8.7, y v1.9.x anteriores a v1.9.2 tiene un impacto y cvector de ataque desconocido, relativo a configuraciones que tienen una lista no vacía de super-usuarios, la acción xmlrpc está disponible, la acción SyncPages está activo, o configurada OpenID. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975 http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html http://marc.info/?l=oss-security&m=126625972814888&w=2 http://marc.info/?l=oss-security&m=126676896601156&w=2 http://moinmo.in/MoinMoinRelease1.8 http://moinmo.in/SecurityFixes http://secunia.c •

CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0

The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors. La configuración por defecto de cfg.packagepages_actions_excluded en MoinMoin anteriores v1.8.7 no previene acciones inseguras, que tiene un impacto y vectores de ataque no especificados. • http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES http://moinmo.in/MoinMoinRelease1.8 http://secunia.com/advisories/38903 http://www.debian.org/security/2010/dsa-2014 http://www.openwall.com/lists/oss-security/2010/02/15/2 http://www.vupen.com/english/advisories/2010/0600 https://exchange.xforce.ibmcloud.com/vulnerabilities/56595 • CWE-16: Configuration •

CVSS: 7.5EPSS: 1%CPEs: 46EXPL: 0

MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors. MoinMoin anteriores a v1.8.7 y 1.9.x anteriores a v1.9.2 no sanea de forma adecuada los perfiles de usuario, lo que tiene un impacto y efectos desconocidos. • http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES http://moinmo.in/MoinMoinRelease1.8 http://moinmo.in/SecurityFixes http://secunia.com/advisories/38444 http://secunia.com/advisories/38903 http://www.debian.org/security/2010/dsa-2014 http://www.openwall.com/lists/oss-security/2010/02/15/2 http://www.openwall.com/lists/oss-security/2010/02/15/4 http://www.openwall.com/lists/oss-security/2010/02/21/2 http://www.securityfocus.com/bid/38023&# •

CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py en MoinMoin v1.8.2 y anteriores permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a través de (1) una sub-acción AttachFile en la función error_msg o (2) múltiples vectores relacionados con los errores de empaquetado de ficheros en la función upload_form, diferentes vectores que CVE-2009-0260. • http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1 http://moinmo.in/SecurityFixes http://secunia.com/advisories/34821 http://secunia.com/advisories/34945 http://secunia.com/advisories/35024 http://www.debian.org/security/2009/dsa-1791 http://www.securityfocus.com/bid/34631 http://www.ubuntu.com/usn/USN-774-1 http://www.vupen.com/english/advisories/2009/1119 https://exchange.xforce.ibmcloud.com/vulnerabilities/50356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •