Filtered by vendor Moinmo
Subscribe
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4762 | 1 Moinmo | 1 Moinmoin | 2010-05-26 | 7.5 HIGH | N/A |
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603. | |||||
CVE-2010-1238 | 1 Moinmo | 1 Moinmoin | 2010-04-27 | 5.0 MEDIUM | N/A |
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values. | |||||
CVE-2010-0669 | 1 Moinmo | 1 Moinmoin | 2010-03-30 | 7.5 HIGH | N/A |
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors. | |||||
CVE-2010-0667 | 1 Moinmo | 1 Moinmoin | 2010-02-28 | 5.0 MEDIUM | N/A |
MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2008-6548 | 1 Moinmo | 1 Moinmoin | 2009-03-29 | 5.0 MEDIUM | N/A |
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors. | |||||
CVE-2008-6549 | 1 Moinmo | 1 Moinmoin | 2009-03-29 | 5.0 MEDIUM | N/A |
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. |