ikiwiki ikiwiki vulnerabilities and exploits
668
VMScore
CVE-2017-0356
A flaw, similar to CVE-2016-9646, exists in ikiwiki prior to 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing a malicious user to bypass authentication via repeated parameters.
Ikiwiki Ikiwiki
Debian Debian Linux 8.0
Debian Debian Linux 7.0
605
VMScore
CVE-2008-0169
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 up to and including 2.47 allows remote malicious users to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty passw...
Ikiwiki Ikiwiki 2.8
Ikiwiki Ikiwiki 1.5
Ikiwiki Ikiwiki 1.47
Ikiwiki Ikiwiki 1.43
Ikiwiki Ikiwiki 1.41
Ikiwiki Ikiwiki 1.34.2
Ikiwiki Ikiwiki 2.14
Ikiwiki Ikiwiki 1.39
Ikiwiki Ikiwiki 2.40
Ikiwiki Ikiwiki 2.12
Ikiwiki Ikiwiki 1.51
Ikiwiki Ikiwiki 1.36
Ikiwiki Ikiwiki 2.31
Ikiwiki Ikiwiki 2.42
Ikiwiki Ikiwiki 2.0
Ikiwiki Ikiwiki 2.3
Ikiwiki Ikiwiki 1.34
Ikiwiki Ikiwiki 2.47
Ikiwiki Ikiwiki 2.7
Ikiwiki Ikiwiki 1.40
Ikiwiki Ikiwiki 2.17
Ikiwiki Ikiwiki 2.31.2
570
VMScore
CVE-2011-1408
ikiwiki prior to 3.20110608 allows remote malicious users to hijack root's tty and run symlink attacks.
Ikiwiki Ikiwiki
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
445
VMScore
CVE-2019-9187
ikiwiki prior to 3.20170111.1 and 3.2018x and 3.2019x prior to 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
Ikiwiki Ikiwiki
Ikiwiki Ikiwiki 3.20180228
Ikiwiki Ikiwiki 3.20180311
Ikiwiki Ikiwiki 3.20180105
445
VMScore
CVE-2016-9646
ikiwiki prior to 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Ikiwiki Ikiwiki
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
445
VMScore
CVE-2016-10026
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote malicious users to revert certain changes by leveraging permissions to change the ...
Ikiwiki Ikiwiki 3.20161219
445
VMScore
CVE-2009-2944
Incomplete blacklist vulnerability in the teximg plugin in ikiwiki prior to 3.1415926 and 2.x prior to 2.53.4 allows context-dependent malicious users to read arbitrary files via crafted TeX commands.
Ikiwiki Ikiwiki 2.8
Ikiwiki Ikiwiki 3.07
Ikiwiki Ikiwiki 2.55
Ikiwiki Ikiwiki 3.14
Ikiwiki Ikiwiki 2.53
Ikiwiki Ikiwiki 3.14159
Ikiwiki Ikiwiki 3.13
Ikiwiki Ikiwiki 3.11
Ikiwiki Ikiwiki 2.52
Ikiwiki Ikiwiki 3.09
Ikiwiki Ikiwiki 3.141
Ikiwiki Ikiwiki 2.60
Ikiwiki Ikiwiki 2.14
Ikiwiki Ikiwiki 2.66
Ikiwiki Ikiwiki 2.40
Ikiwiki Ikiwiki 2.49
Ikiwiki Ikiwiki 3.04
Ikiwiki Ikiwiki 2.12
Ikiwiki Ikiwiki 2.62.1
Ikiwiki Ikiwiki 3.01
Ikiwiki Ikiwiki 2.50
Ikiwiki Ikiwiki 2.31
383
VMScore
CVE-2015-2793
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki prior to 3.20150329 allows remote malicious users to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
Ikiwiki Ikiwiki
Fedoraproject Fedora 22
Fedoraproject Fedora 20
Fedoraproject Fedora 21
383
VMScore
CVE-2010-1673
A cross-site scripting (XSS) vulnerability in ikiwiki prior to 3.20101112 allows remote malicious users to inject arbitrary web script or HTML via a comment.
Ikiwiki Ikiwiki
383
VMScore
CVE-2011-0428
Cross Site Scripting (XSS) in ikiwiki prior to 3.20110122 could allow remote malicious users to insert arbitrary JavaScript due to insufficient checking in comments.
Ikiwiki Ikiwiki