National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PMWiki
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 11 matching records.
Vuln ID Summary CVSS Severity
CVE-2010-4662

PmWiki before 2.2.21 has XSS.

Published: February 05, 2020; 02:15:09 PM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-13960

** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage would be a denial of service, is that the application should interpret libjpeg warnings as fatal errors (aborting decompression) and/or set limits on resource consumption or image sizes.

Published: July 18, 2019; 03:15:11 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2011-4453

The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.

Published: December 22, 2011; 10:29:20 AM -05:00
    V2: 7.5 HIGH
CVE-2010-4748

Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.

Published: March 01, 2011; 05:00:01 PM -05:00
    V2: 4.3 MEDIUM
CVE-2010-1481

Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.

Published: May 12, 2010; 07:46:31 AM -04:00
    V2: 3.5 LOW
CVE-2009-4324

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

Published: December 14, 2009; 09:30:00 PM -05:00
    V2: 9.3 HIGH
CVE-2009-0658

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.

Published: February 20, 2009; 02:30:00 PM -05:00
V3.1: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2006-4453

Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".

Published: August 30, 2006; 12:04:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2006-2840

Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Published: June 06, 2006; 04:06:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2006-0479

pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).

Published: January 31, 2006; 06:03:00 AM -05:00
    V2: 4.3 MEDIUM
CVE-2005-3849

Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Published: November 26, 2005; 07:03:00 PM -05:00
    V2: 4.3 MEDIUM