twiki twiki vulnerabilities and exploits
668
VMScore
CVE-2005-0516
The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote malicious users to execute arbitrary commands via certain commands that generate thumbnails.
Twiki Imagegalleryplugin
645
VMScore
CVE-2014-7236
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki prior to 6.0.1 allows remote malicious users to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
Twiki Twiki
Twiki Twiki 6.0
1 EDB exploit
1 Github repository
614
VMScore
CVE-2008-4998
postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid."
Twiki Twiki 4.1.2
605
VMScore
CVE-2014-7237
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and previous versions, when running on Windows, allows remote malicious users to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess t...
Twiki Twiki
Microsoft Windows -
605
VMScore
CVE-2009-4898
Cross-site request forgery (CSRF) vulnerability in TWiki prior to 4.3.2 allows remote malicious users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjuncti...
Twiki Twiki 4.0.5
Twiki Twiki 4.0.4
Twiki Twiki 4.0.3
Twiki Twiki 4.0.2
Twiki Twiki 4.2.4
Twiki Twiki 4.1.2
Twiki Twiki
Twiki Twiki 4.1.0
Twiki Twiki 4.0.1
Twiki Twiki 4.2.3
Twiki Twiki 4.2.2
Twiki Twiki 4.2.1
Twiki Twiki 4.2.0
Twiki Twiki 4.3.0
Twiki Twiki 4.1.1
Twiki Twiki 4.0.0
534
VMScore
CVE-2009-1339
Cross-site request forgery (CSRF) vulnerability in TWiki prior to 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related i...
Twiki Twiki 4.1.2
Twiki Twiki
Twiki Twiki 4.2.4
Twiki Twiki 4.2.1
Twiki Twiki 4.2.0
Twiki Twiki 4.2.3
Twiki Twiki 4.2.2
505
VMScore
CVE-2012-6330
The localization functionality in TWiki prior to 5.1.3, and Foswiki 1.0.x up to and including 1.0.10 and 1.1.x up to and including 1.1.6, allows remote malicious users to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
Twiki Twiki 5.1.0
Twiki Twiki 5.1.1
Twiki Twiki
Foswiki Foswiki 1.0.2
Foswiki Foswiki 1.0.3
Foswiki Foswiki 1.1.0
Foswiki Foswiki 1.0.4
Foswiki Foswiki 1.0.10
Foswiki Foswiki 1.1.5
Foswiki Foswiki 1.0.1
Foswiki Foswiki 1.1.2
Foswiki Foswiki 1.1.1
Foswiki Foswiki 1.0.0
Foswiki Foswiki 1.1.6
Foswiki Foswiki 1.1.4
Foswiki Foswiki 1.1.3
1 EDB exploit
505
VMScore
CVE-2006-4294
Directory traversal vulnerability in viewfile in TWiki 4.0.0 up to and including 4.0.4 allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter.
Twiki Twiki 4.0.1
Twiki Twiki 4.0.2
Twiki Twiki 4.0.3
Twiki Twiki 4.0.4
Twiki Twiki 4.0.0
1 EDB exploit
454
VMScore
CVE-2006-2942
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote malicious users to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's logi...
Twiki Twiki 4.0.0
Twiki Twiki 4.0.1
Twiki Twiki 4.0.2
445
VMScore
CVE-2007-5193
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote malicious users to obtain sensitive information when .htaccess rest...
Twiki Twiki 4.1.2