
CVSS: 4.0 | EPSS: 0% | CPEs: 9 | EXPL: 0

TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself.
• http://secunia.com/advisories/19410
• http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude
• http://www.securityfocus.com/bid/17267
• http://www.vupen.com/english/advisories/2006/1116
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25445

CVSS: 7.5 | EPSS: 1% | CPEs: 2 | EXPL: 0

The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.
• http://secunia.com/advisories/19410
• http://securitytracker.com/id?1015843
• http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess
• http://www.securityfocus.com/bid/17268
• http://www.vupen.com/english/advisories/2006/1116
• https://exchange.xforce.ibmcloud.com/vulnerabilities/25444

CVSS: 7.5 | EPSS: 96% | CPEs: 5 | EXPL: 4

The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
• https://www.exploit-db.com/exploits/16892
• https://www.exploit-db.com/exploits/26260
• https://www.exploit-db.com/exploits/26302
• http://marc.info/?l=bugtraq&m=112680475417550&w=2
• http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev
• http://www.kb.cert.org/vuls/id/757181
• http://www.securityfocus.com/bid/14834

CVSS: 7.5 | EPSS: 6% | CPEs: 1 | EXPL: 2

The ImageGalleryPlugin (ImageGalleryPlugin.pm) in TWiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails.
• http://marc.info/?l=bugtraq&m=110918725225288&w=2
• http://secunia.com/advisories/14384
• http://static.enyo.de/fw/patches/twiki/imagegallery-robustness-20041128.diff
• http://www.enyo.de/fw/security/notes/twiki-robustness.html

CVSS: 10.0 | EPSS: 91% | CPEs: 2 | EXPL: 3

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
• https://www.exploit-db.com/exploits/642
• https://www.exploit-db.com/exploits/16894
• http://archives.neohapsis.com/archives/bugtraq/2004-11/0201.html
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000918
• http://marc.info/?l=bugtraq&m=110037207516456&w=2
• http://security.gentoo.org/glsa/glsa-200411-33.xml
• http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch
• http://www.ciac.org/ciac/bulletins/p-039.shtml
• http://www.securityfocus.com/bid/11674
• https&