CVE-2008-0169
https://notcve.org/view.php?id=CVE-2008-0169
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. Plugin/passwordauth.pm (también conocido como plugin passwordauth) en ikiwiki versiones de la 1.34 hasta la 2.47, permite a atacantes remotos saltarse la autenticación y login de cualquier cuenta en la que se configura una identidad OpenID y no se configura una contraseña, especificando una contraseña vacía durante la secuencia de login. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770 http://ikiwiki.info/news/version_2.48/index.html http://ikiwiki.info/security/#index33h2 http://secunia.com/advisories/30468 http://www.openwall.com/lists/oss-security/2008/05/31/3 http://www.securityfocus.com/bid/29479 http://www.vupen.com/english/advisories/2008/1710 https://exchange.xforce.ibmcloud.com/vulnerabilities/42798 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-0165
https://notcve.org/view.php?id=CVE-2008-0165
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Ikiwiki versiones anteriores a 2.42 permite a atacantes remotos modificar preferencias de usuarios, incluyendo contraseñas, a través de los formularios (1) preferences y (2) edit. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445 http://ikiwiki.info/security/#index31h2 http://secunia.com/advisories/29907 http://secunia.com/advisories/29932 http://www.debian.org/security/2008/dsa-1553 http://www.vupen.com/english/advisories/2008/1297/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41904 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2008-0809
https://notcve.org/view.php?id=CVE-2008-0809
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el htmlscrubber de Ikiwiki antes de 1.1.46 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de los contenidos del título. • http://ikiwiki.info/security/#index27h2 http://secunia.com/advisories/28911 http://secunia.com/advisories/29369 http://www.debian.org/security/2008/dsa-1523 http://www.securityfocus.com/bid/27760 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0808
https://notcve.org/view.php?id=CVE-2008-0808
Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el meta plugin de Ikiwiki antes de 1.1.47 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de meta tags (etiquetas). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465110 http://ikiwiki.info/security/#index30h2 http://secunia.com/advisories/28911 http://secunia.com/advisories/29369 http://www.debian.org/security/2008/dsa-1523 http://www.securityfocus.com/bid/27760 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •