Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Twiki'
2020-02-17
CVE-2014-7236
CWE-74
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
2019-11-07
CVE-2013-1751
CWE-20
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
2019-03-21
CVE-2018-20212
CWE-79
bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.
2014-12-31
CVE-2014-9367
CWE-79
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.
CVE-2014-9325
CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRING variable in lib/TWiki/UI/View.pm, as demonstrated by the QUERY_STRING to do/view/Main/TWikiPreferences.
2014-10-15
CVE-2014-7237
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
2013-01-04
CVE-2012-6330
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
2012-02-02
CVE-2012-0979
Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.
2011-09-30
CVE-2011-3010
Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin.
2011-05-20
CVE-2011-1838
CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
Copyright
2024
, cxsecurity.com
Back to Top
Podatności dla 'Twiki' 
Polish
English