CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2006-6071
https://notcve.org/view.php?id=CVE-2006-6071
02 Dec 2006 — TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password. Twiki 4.0.5 y anteriores, cuando está funcionando bajo Apache 1.3 usando ApacheLogin con sesiones y redirecciones "ErrorDocument 401" a un tópico wiki valido, no maneja adecua... • http://secunia.com/advisories/23189 •
CVSS: 7.5EPSS: 5%CPEs: 5EXPL: 2CVE-2006-4294 – TWiki 4.0.x - 'Viewfile' Directory Traversal
https://notcve.org/view.php?id=CVE-2006-4294
09 Sep 2006 — Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. Vulnerabilidad de directorio transversal en viewfile en TWiki 4.0.0 hasta 4.0.4 permiet a un atacante remoto leer ficheros de su elección a través de la secuencia .. (punto punto) en el parámetro filename. • https://www.exploit-db.com/exploits/28495 •
CVSS: 9.8EPSS: 7%CPEs: 6EXPL: 2CVE-2006-3819 – TWiki 4.0.4 - 'configure' Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-3819
27 Jul 2006 — Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF". Vulnerabilidad de inyección en eval (evaluación directa de código dinámico) en la secuencia de comandos de configuración en TWiki 4.0.0 hasta 4.0.4 permite a atacantes remotos ejecutar código Perl de su elección mediante una petición HTTP POST que contiene un parámetro nombre (name) que empieza po... • https://www.exploit-db.com/exploits/2143 •
CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 1CVE-2006-3336
https://notcve.org/view.php?id=CVE-2006-3336
05 Jul 2006 — TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. Vulnerabilidad en TWiki desde la versión del 01-Dic-2000 hasta la versión v4.0.3 que permite a atacantes remotos saltarse el "upload filter" (filtro o control de subida) y ejecutar código de s... • http://secunia.com/advisories/20992 •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2006-2942
https://notcve.org/view.php?id=CVE-2006-2942
20 Jun 2006 — TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup. TWiki 4.0.0, 4.0.1 y 4.0.2 permite a atacantes remotos obtener privielgios de administrador de Twiki a través de un formulario TWiki.TWikiRegistration con un atributo de acción modif... • http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2006-1386
https://notcve.org/view.php?id=CVE-2006-1386
26 Mar 2006 — The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics. • http://secunia.com/advisories/19410 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2006-1387
https://notcve.org/view.php?id=CVE-2006-1387
26 Mar 2006 — TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself. • http://secunia.com/advisories/19410 •
CVSS: 9.8EPSS: 81%CPEs: 5EXPL: 4CVE-2005-2877 – TWiki History TWikiUsers - 'rev' Command Execution
https://notcve.org/view.php?id=CVE-2005-2877
16 Sep 2005 — The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers. • https://www.exploit-db.com/exploits/16892 •
CVSS: 10.0EPSS: 85%CPEs: 2EXPL: 3CVE-2004-1037 – TWiki 20030201 - 'search.pm' Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1037
19 Nov 2004 — The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string. • https://www.exploit-db.com/exploits/642 •