
CVSS: 5.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.

References:
http://advisories.mageia.org/MGASA-2014-0438.html
http://secunia.com/advisories/61983
http://www.debian.org/security/2014/dsa-3059
http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
http://www.openwall.com/lists/oss-security/2014/10/13/3
http://www.openwall.com/lists/oss-security/2014/10/16/9
https://github.com/splitbrain/dokuwiki/pull/868

CWE-287: Improper Authentication

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

References:
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html
http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure
http://www.mandriva.com/security/advisories?name=MDVSA-2013:073
http://www.openwall.com/lists/oss-security/2012/06/24/2
http://www.openwall.com/lists/oss-security/2012/06/25/2

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files.

References:
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dokuwiki-2009-12-25c
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html
http://security.gentoo.org/glsa/glsa-201301-07.xml
http://www.mandriva.com/security/a

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 | EPSS: 0% | CPEs: 12 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link.

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062380.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062389.html
http://secunia.com/advisories/45009
http://secunia.com/advisories/45190
http://security.gentoo.org/glsa/glsa-201301-07.xml
http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-366/CERTA-2011-AVI-366.html
http://www.debian.org/security/2011/dsa-2320
http://www.dokuwiki

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 1% | CPEs: 29 | EXPL: 2

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.

References:
https://www.exploit-db.com/exploits/11141
http://bugs.splitbrain.org/index.php?do=details&task_id=1847
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html
http://osvdb.org/61710
http://secunia.com/advisories/38183
http://security.gentoo.org/glsa/glsa-201301-07.xml
http://www.debian.org/security/2010/dsa-1976
http://www.exploit-db.com/exploits/11141
http://www.s

CWE-264: Permissions, Privileges, and Access Controls