Vulmon
dokuwiki dokuwiki vulnerabilities and exploits
5.4
CVSSv3
CVE-2023-34408
DokuWiki prior to 2023-04-04a allows XSS via RSS titles.
Dokuwiki Dokuwiki
5.4
CVSSv3
CVE-2017-15214
Stored XSS vulnerability in Flyspray 1.0-rc4 prior to 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/d...
Flyspray Flyspray 1.0
NA
CVE-2024-33103
An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows malicious users to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with ...
NA
CVE-2015-2172
DokuWiki prior to 2014-05-05d and prior to 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.
Dokuwiki Dokuwiki
NA
CVE-2014-9253
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki prior to 2014-09-29b allows remote malicious users to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.
Dokuwiki Dokuwiki
Mageia Mageia 4.0
NA
CVE-2014-8763
DokuWiki prior to 2014-05-05b, when using Active Directory for LDAP authentication, allows remote malicious users to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
Dokuwiki Dokuwiki
Mageia Project Mageia 3.0
Mageia Project Mageia 4.0
NA
CVE-2014-8764
DokuWiki 2014-05-05a and previous versions, when using Active Directory for LDAP authentication, allows remote malicious users to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
Mageia Project Mageia 3.0
Mageia Project Mageia 4.0
Dokuwiki Dokuwiki
NA
CVE-2014-8761
inc/template.php in DokuWiki prior to 2014-05-05a only checks for access to the root namespace, which allows remote malicious users to access arbitrary images via a media file details ajax call.
Dokuwiki Dokuwiki
NA
CVE-2014-8762
The ajax_mediadiff function in DokuWiki prior to 2014-05-05a allows remote malicious users to access arbitrary images via a crafted namespace in the ns parameter.
Dokuwiki Dokuwiki
NA
CVE-2012-3354
doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote malicious users to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.
Fedoraproject Fedora 17
Dokuwiki Dokuwiki -
Fedoraproject Fedora 16
Fedoraproject Fedora 18