ikiwiki ikiwiki vulnerabilities and exploits
7.5
CVSSv2
CVE-2017-0356
A flaw, similar to CVE-2016-9646, exists in ikiwiki prior to 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing a malicious user to bypass authentication via repeated parameters.
Ikiwiki Ikiwiki
Debian Debian Linux 7.0
Debian Debian Linux 8.0
6.8
CVSSv2
CVE-2008-0169
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 up to and including 2.47 allows remote malicious users to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty passw...
Ikiwiki Ikiwiki 1.37
Ikiwiki Ikiwiki 1.34.1
Ikiwiki Ikiwiki 1.34.2
Ikiwiki Ikiwiki 1.41
Ikiwiki Ikiwiki 1.42
Ikiwiki Ikiwiki 1.5
Ikiwiki Ikiwiki 1.51
Ikiwiki Ikiwiki 2.14
Ikiwiki Ikiwiki 2.15
Ikiwiki Ikiwiki 2.3
Ikiwiki Ikiwiki 2.30
Ikiwiki Ikiwiki 2.42
Ikiwiki Ikiwiki 1.35
Ikiwiki Ikiwiki 1.36
Ikiwiki Ikiwiki 1.43
Ikiwiki Ikiwiki 1.44
Ikiwiki Ikiwiki 2.0
Ikiwiki Ikiwiki 2.1
Ikiwiki Ikiwiki 2.16
Ikiwiki Ikiwiki 2.17
Ikiwiki Ikiwiki 2.31
Ikiwiki Ikiwiki 2.31.1
6.4
CVSSv2
CVE-2011-1408
ikiwiki prior to 3.20110608 allows remote malicious users to hijack root's tty and run symlink attacks.
Ikiwiki Ikiwiki
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2019-9187
ikiwiki prior to 3.20170111.1 and 3.2018x and 3.2019x prior to 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
Ikiwiki Ikiwiki 3.20180228
Ikiwiki Ikiwiki 3.20180105
Ikiwiki Ikiwiki
Ikiwiki Ikiwiki 3.20180311
5
CVSSv2
CVE-2016-9646
ikiwiki prior to 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Ikiwiki Ikiwiki
Debian Debian Linux 9.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
5
CVSSv2
CVE-2016-10026
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote malicious users to revert certain changes by leveraging permissions to change the ...
Ikiwiki Ikiwiki 3.20161219
5
CVSSv2
CVE-2009-2944
Incomplete blacklist vulnerability in the teximg plugin in ikiwiki prior to 3.1415926 and 2.x prior to 2.53.4 allows context-dependent malicious users to read arbitrary files via crafted TeX commands.
Ikiwiki Ikiwiki 2.10
Ikiwiki Ikiwiki 2.13
Ikiwiki Ikiwiki 2.0
Ikiwiki Ikiwiki 2.19
Ikiwiki Ikiwiki 2.31.3
Ikiwiki Ikiwiki 2.3
Ikiwiki Ikiwiki 2.4
Ikiwiki Ikiwiki 2.7
Ikiwiki Ikiwiki 3.14159
Ikiwiki Ikiwiki 3.1415
Ikiwiki Ikiwiki 3.09
Ikiwiki Ikiwiki 3.08
Ikiwiki Ikiwiki 2.72
Ikiwiki Ikiwiki 2.71
Ikiwiki Ikiwiki 2.64
Ikiwiki Ikiwiki 2.63
Ikiwiki Ikiwiki 2.54
Ikiwiki Ikiwiki 2.53
Ikiwiki Ikiwiki 2.52
Ikiwiki Ikiwiki 2.6.1
Ikiwiki Ikiwiki 2.00
Ikiwiki Ikiwiki 2.11
4.3
CVSSv2
CVE-2015-2793
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki prior to 3.20150329 allows remote malicious users to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
Ikiwiki Ikiwiki
Fedoraproject Fedora 22
Fedoraproject Fedora 20
Fedoraproject Fedora 21
4.3
CVSSv2
CVE-2010-1673
A cross-site scripting (XSS) vulnerability in ikiwiki prior to 3.20101112 allows remote malicious users to inject arbitrary web script or HTML via a comment.
Ikiwiki Ikiwiki
4.3
CVSSv2
CVE-2011-0428
Cross Site Scripting (XSS) in ikiwiki prior to 3.20110122 could allow remote malicious users to insert arbitrary JavaScript due to insufficient checking in comments.
Ikiwiki Ikiwiki