Search Results (Refine Search)
- CPE Product Version: cpe:/a:moinmo:moinmoin:1.3.5:rc1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-6495 |
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code. Published: January 02, 2013; 8:55:04 PM -0500 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2012-6081 |
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012. Published: January 02, 2013; 8:55:04 PM -0500 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2011-1058 |
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information. Published: February 22, 2011; 1:00:01 PM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2010-2969 |
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487. Published: August 05, 2010; 9:22:29 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-2487 |
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py. Published: August 05, 2010; 9:22:28 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |