Search
Search Results (30 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-5304 | 1 Twiki | 1 Twiki | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable. | ||||
| CVE-2008-5305 | 1 Twiki | 1 Twiki | 2025-04-09 | N/A |
| Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. | ||||
| CVE-2006-6071 | 1 Twiki | 1 Twiki | 2025-04-09 | N/A |
| TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password. | ||||
| CVE-2009-1339 | 1 Twiki | 1 Twiki | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434. | ||||
| CVE-2007-0669 | 1 Twiki | 1 Twiki | 2025-04-09 | N/A |
| Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files. | ||||
| CVE-2007-5193 | 2 Debian, Twiki | 2 Debian Linux, Twiki | 2025-04-09 | N/A |
| The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied. | ||||
| CVE-2018-20212 | 1 Twiki | 1 Twiki | 2024-11-21 | N/A |
| bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter. | ||||
| CVE-2014-7236 | 1 Twiki | 1 Twiki | 2024-11-21 | 9.1 Critical |
| Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. | ||||
| CVE-2013-1751 | 1 Twiki | 1 Twiki | 2024-11-21 | 9.8 Critical |
| TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. | ||||
| CVE-2005-3056 | 1 Twiki | 1 Twiki | 2024-11-21 | 9.8 Critical |
| TWiki allows arbitrary shell command execution via the Include function | ||||