
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. • https://foswiki.org/Support/SecurityAlert-CVE-2023-33756 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

Foswiki before 1.1.8 contains a code injection vulnerability in the MAKETEXT macro. • http://foswiki.org/Support/SecurityAlert-CVE-2013-1666 http://www.openwall.com/lists/oss-security/2015/03/24/20 https://security-tracker.debian.org/tracker/CVE-2013-1666 https://www.securityfocus.com/archive/1/525733 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.0 • EPSS: 0% • CPEs: 16 • EXPL: 1

The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro. • https://www.exploit-db.com/exploits/23580 http://sourceforge.net/mailarchive/message.php?msg_id=30219695 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329 http://www.securityfocus.com/bid/56950 • CWE-189: Numeric Errors