Product:

Moinmoin

(Moinmo)
Repositories https://github.com/moinwiki/moin-1.9
#Vulnerabilities 26
Date Id Summary Products Score Patch Annotated
2010-02-26 CVE-2010-0668 Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. Moinmoin N/A
2010-02-26 CVE-2010-0667 MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors. Moinmoin N/A
2010-03-29 CVE-2009-4762 MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603. Moinmoin N/A
2009-04-29 CVE-2009-1482 Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260. Moinmoin, Moinmoin N/A
2009-04-03 CVE-2008-6603 MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. Moinmoin N/A
2009-03-29 CVE-2008-6549 The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. Moinmoin N/A