
CVE-2013-1751
https://notcve.org/view.php?id=CVE-2013-1751
07 Nov 2019 — TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. • http://www.securitytracker.com/id/1028149 • CWE-20: Improper Input Validation

CVE-2005-3056
https://notcve.org/view.php?id=CVE-2005-3056
01 Nov 2019 — TWiki allows arbitrary shell command execution via the Include function. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330733 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2018-20212 – TWiki 6.0.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-20212
07 Jan 2019 — bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter. TWiki version 6.0.2 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/151028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-9325 – TWiki 6.0.1 QUERYSTRING / QUERYPARAMSTRING XSS
https://notcve.org/view.php?id=CVE-2014-9325
19 Dec 2014 — Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences. • https://packetstorm.news/files/id/129654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-9367 – TWiki 6.0.0 / 6.0.1 WebSearch Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-9367
19 Dec 2014 — Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch. TWiki versions 6... • https://packetstorm.news/files/id/129655 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-7236 – TWiki Debugenableplugins - Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-7236
10 Oct 2014 — Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. TWiki versions 4.0.x through 6.0.0 contain a vulnerability in th... • https://packetstorm.news/files/id/128623 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVE-2014-7237 – Twiki Upload Bypass
https://notcve.org/view.php?id=CVE-2014-7237
10 Oct 2014 — lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code. • https://packetstorm.news/files/id/128622 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2012-6330 – Foswiki MAKETEXT - Remote Command Execution
https://notcve.org/view.php?id=CVE-2012-6330
04 Jan 2013 — The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro. • https://www.exploit-db.com/exploits/23580 • CWE-189: Numeric Errors

CVE-2012-0979
https://notcve.org/view.php?id=CVE-2012-0979
02 Feb 2012 — Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user. • http://osvdb.org/78664 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-3010 – TWiki 5.0.2 - '/bin/view/Main/Jump?newtopic' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-3010
30 Sep 2011 — Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin. • https://www.exploit-db.com/exploits/36162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')