CVE-2006-1387
https://notcve.org/view.php?id=CVE-2006-1387
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself. • http://secunia.com/advisories/19410 http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude http://www.securityfocus.com/bid/17267 http://www.vupen.com/english/advisories/2006/1116 https://exchange.xforce.ibmcloud.com/vulnerabilities/25445 •
CVE-2006-1386
https://notcve.org/view.php?id=CVE-2006-1386
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics. • http://secunia.com/advisories/19410 http://securitytracker.com/id?1015843 http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess http://www.securityfocus.com/bid/17268 http://www.vupen.com/english/advisories/2006/1116 https://exchange.xforce.ibmcloud.com/vulnerabilities/25444 •