CVE-2010-1238
https://notcve.org/view.php?id=CVE-2010-1238
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.
• http://secunia.com/advisories/39284
• http://www.debian.org/security/2010/dsa-2024
• http://www.ubuntu.com/usn/USN-925-1
• http://www.vupen.com/english/advisories/2010/0831
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2010-0828
https://notcve.org/view.php?id=CVE-2010-0828
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995
• http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca
• http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html
• http://secunia.com/advisories/39188
• http://secunia.com/advisories/39190
• http://secunia.com/advisories/39267
• http://secunia.com/advisories/39284
• http
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4762
https://notcve.org/view.php?id=CVE-2009-4762
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
• http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
• http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
• http://moinmo.in/SecurityFixes
• http://secunia.com/advisories/39887
• http://ubuntu.com/usn/usn-941-1
• http://www.debian.org/security/2010/dsa-2014
• http://www.securityfocus.com/bid/35277
• http://www.vupen.com/english/advisories/2010/0600
• http://www.vupen.com/english/advisories/2010/1208
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2010-0667
https://notcve.org/view.php?id=CVE-2010-0667
MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.
• http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES
• http://hg.moinmo.in/moin/1.9/rev/04afdde50094
• http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2
• http://marc.info/?l=oss-security&m=126625972814888&w=2
• http://marc.info/?l=oss-security&m=126676896601156&w=2
• http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
• http://moinmo.in/SecurityFixes
• http://secunia.com/advisories/38242
• http://www.openwall.com/lists/oss-security/2010/01/21/6
• http:
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-0668
https://notcve.org/view.php?id=CVE-2010-0668
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975
• http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES
• http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html
• http://marc.info/?l=oss-security&m=126625972814888&w=2
• http://marc.info/?l=oss-security&m=126676896601156&w=2
• http://moinmo.in/MoinMoinRelease1.8
• http://moinmo.in/SecurityFixes
• http://secunia.c