NotCVE - vendor:"Foswiki" product:"Foswiki" version:"1.0.3"

4 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-33756

https://notcve.org/view.php?id=CVE-2023-33756

08 Aug 2023 — An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. • https://foswiki.org/Support/SecurityAlert-CVE-2023-33756 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0

CVE-2013-1666

https://notcve.org/view.php?id=CVE-2013-1666

01 Nov 2019 — Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. Foswiki versiones anteriores a 1.1.8, contiene una vulnerabilidad de inyección de código en la macro MAKETEXT. • http://foswiki.org/Support/SecurityAlert-CVE-2013-1666 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 73%CPEs: 16EXPL: 1

CVE-2012-6330 – Foswiki MAKETEXT - Remote Command Execution

https://notcve.org/view.php?id=CVE-2012-6330

04 Jan 2013 — The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro. La funcionalidad de localización en TWiki anteriores a v5.1.3, y Foswiki v1.0.x hasta v1.0.10 y v1.1.x hasta v1.1.6, permite a atacantes remotos a provocar una denegación de servicio (consumo de memoria)a través de un entero largo en una macro %MAKETEXT%. • https://www.exploit-db.com/exploits/23580 • CWE-189: Numeric Errors •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2009-1434

https://notcve.org/view.php?id=CVE-2009-1434

30 Apr 2009 — Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Foswiki anterior a v1.0.5 permite a atacantes remotos secuestrar la autenticación... • http://foswiki.org/Support/SecurityAlert-CVE-2009-1434 • CWE-352: Cross-Site Request Forgery (CSRF) •