CVE-2014-8763
https://notcve.org/view.php?id=CVE-2014-8763
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. DokuWiki anterior a 2014-05-05b, cuando utiliza Active Directory para la autenticación LDAP, permite a atacantes remotos evadir la autenticación a través de una contraseña que empiece por un caracter nulo (\0) y un nombre de usuario válido, lo que provoca un bind no autenticado. • http://advisories.mageia.org/MGASA-2014-0438.html http://secunia.com/advisories/61983 http://www.debian.org/security/2014/dsa-3059 http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication http://www.openwall.com/lists/oss-security/2014/10/13/3 http://www.openwall.com/lists/oss-security/2014/10/16/9 https://github.com/splitbrain/dokuwiki/pull/868 • CWE-287: Improper Authentication •
CVE-2012-3354
https://notcve.org/view.php?id=CVE-2012-3354
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message. doku.php en DokuWiki, utilizado en Fedora 16, 17 y 18, cuando ciertos niveles de error de PHP se establecen, permite a atacantes remotos obtener información sensible a través del parámetro prefix, lo que revela la ruta de instalación en un mensaje de error. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure http://www.mandriva.com/security/advisories?name=MDVSA-2013:073 http://www.openwall.com/lists/oss-security/2012/06/24/2 http://www.openwall.com/lists/oss-security/2012/06/25/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-3727
https://notcve.org/view.php?id=CVE-2011-3727
DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files. DokuWiki v2009-12-25c permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con lib/tpl/index.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dokuwiki-2009-12-25c http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.mandriva.com/security/a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-2510
https://notcve.org/view.php?id=CVE-2011-2510
Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad RSS dentro de DokuWiki anterior a v2011-05-25a Rincewind permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un link. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062380.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062389.html http://secunia.com/advisories/45009 http://secunia.com/advisories/45190 http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-366/CERTA-2011-AVI-366.html http://www.debian.org/security/2011/dsa-2320 http://www.dokuwiki • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-0287 – dokuwiki 2009-12-25 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0287
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter. Vulnerabilidad de salto de directorio en el plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25b permite a usuarios remotos listar los contenidos de directorios de su elección a través de .. (punto punto) en el parámetro ns. • https://www.exploit-db.com/exploits/11141 http://bugs.splitbrain.org/index.php?do=details&task_id=1847 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html http://secunia.com/advisories/38183 http://security.gentoo.org/glsa/glsa-201301-07.xml http://www.debian.org/security/2010/dsa-1976 http://www.exploit-db.com/exploits/11141 http://www.securityfocus.com/bid/37821 http& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •