Page 5 of 43 results (0.015 seconds)

CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0

The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors. La configuración por defecto de cfg.packagepages_actions_excluded en MoinMoin anteriores v1.8.7 no previene acciones inseguras, que tiene un impacto y vectores de ataque no especificados. • http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES http://moinmo.in/MoinMoinRelease1.8 http://secunia.com/advisories/38903 http://www.debian.org/security/2010/dsa-2014 http://www.openwall.com/lists/oss-security/2010/02/15/2 http://www.vupen.com/english/advisories/2010/0600 https://exchange.xforce.ibmcloud.com/vulnerabilities/56595 • CWE-16: Configuration •

CVSS: 7.5EPSS: 1%CPEs: 46EXPL: 0

MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors. MoinMoin anteriores a v1.8.7 y 1.9.x anteriores a v1.9.2 no sanea de forma adecuada los perfiles de usuario, lo que tiene un impacto y efectos desconocidos. • http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES http://moinmo.in/MoinMoinRelease1.8 http://moinmo.in/SecurityFixes http://secunia.com/advisories/38444 http://secunia.com/advisories/38903 http://www.debian.org/security/2010/dsa-2014 http://www.openwall.com/lists/oss-security/2010/02/15/2 http://www.openwall.com/lists/oss-security/2010/02/15/4 http://www.openwall.com/lists/oss-security/2010/02/21/2 http://www.securityfocus.com/bid/38023&# •

CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py en MoinMoin v1.8.2 y anteriores permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a través de (1) una sub-acción AttachFile en la función error_msg o (2) múltiples vectores relacionados con los errores de empaquetado de ficheros en la función upload_form, diferentes vectores que CVE-2009-0260. • http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1 http://moinmo.in/SecurityFixes http://secunia.com/advisories/34821 http://secunia.com/advisories/34945 http://secunia.com/advisories/35024 http://www.debian.org/security/2009/dsa-1791 http://www.securityfocus.com/bid/34631 http://www.ubuntu.com/usn/USN-774-1 http://www.vupen.com/english/advisories/2009/1119 https://exchange.xforce.ibmcloud.com/vulnerabilities/50356 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 2

MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. MoinMoin v1.6.2 y v1.7 no maneja adecuadamente los puntos de cumplimiento de la ACL cuando acl_hierarchic esta fijado como Verdadero, lo que permitiría a atacantes remotos evitar las restricciones de acceso previstas, una vulnerabilidad diferente que CVE-2008-1937. • http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26 http://hg.moinmo.in/moin/1.7/rev/88356b3f849a http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter http://moinmo.in/SecurityFixes http://osvdb.org/48875 http://www.securityfocus.com/bid/34655 http://www.vupen.com/english/advisories/2008/1307 https://exchange.xforce.ibmcloud.com/vulnerabilities/41911 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors. El analizador rst (parser/text_rst.py) en MoinMoin v1.6.1 no valida adecuadamente las ACL de la página web incluida , lo que permite a atacantes leer archivos sin autorización a través de vectores no especificados. • http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 http://moinmo.in/SecurityFixes http://osvdb.org/48877 • CWE-862: Missing Authorization •