Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Twiki Subscribe
Filtered by product Twiki
Total 29 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-7236 1 Twiki 1 Twiki 2020-02-20 6.4 MEDIUM 9.1 CRITICAL
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
CVE-2013-1751 1 Twiki 1 Twiki 2019-11-08 10.0 HIGH 9.8 CRITICAL
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters.
CVE-2005-3056 1 Twiki 1 Twiki 2019-11-05 7.5 HIGH 9.8 CRITICAL
TWiki allows arbitrary shell command execution via the Include function
CVE-2018-20212 1 Twiki 1 Twiki 2019-03-21 4.3 MEDIUM 6.1 MEDIUM
bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter.
CVE-2011-1838 1 Twiki 1 Twiki 2018-10-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
CVE-2008-3195 1 Twiki 1 Twiki 2017-09-28 6.8 MEDIUM N/A
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
CVE-2014-7237 2 Microsoft, Twiki 2 Windows, Twiki 2017-09-07 6.8 MEDIUM N/A
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
CVE-2012-0979 1 Twiki 1 Twiki 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.
CVE-2010-3841 1 Twiki 1 Twiki 2017-08-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.
CVE-2009-1339 1 Twiki 1 Twiki 2017-08-16 6.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434.
CVE-2008-5304 1 Twiki 1 Twiki 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
CVE-2007-0669 1 Twiki 1 Twiki 2017-07-28 4.6 MEDIUM N/A
Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.
CVE-2006-6071 1 Twiki 1 Twiki 2017-07-19 9.0 HIGH N/A
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
CVE-2006-3819 1 Twiki 1 Twiki 2017-07-19 7.5 HIGH N/A
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
CVE-2006-2942 1 Twiki 1 Twiki 2017-07-19 5.1 MEDIUM N/A
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
CVE-2006-1387 1 Twiki 1 Twiki 2017-07-19 4.0 MEDIUM N/A
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself.
CVE-2006-1386 1 Twiki 1 Twiki 2017-07-19 7.5 HIGH N/A
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics.
CVE-2004-1037 2 Gentoo, Twiki 2 Linux, Twiki 2017-07-10 10.0 HIGH N/A
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
CVE-2012-6330 2 Foswiki, Twiki 2 Foswiki, Twiki 2016-11-28 5.0 MEDIUM N/A
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
CVE-2005-2877 1 Twiki 1 Twiki 2016-10-17 7.5 HIGH N/A
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.