Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
twiki vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2006-3336
TWiki 01-Dec-2000 up to 4.0.3 allows remote malicious users to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerabil...
Twiki Twiki 2000-12-01
Twiki Twiki 2004-09-04
Twiki Twiki 4.0
Twiki Twiki 2004-09-02
Twiki Twiki 2004-09-03
Twiki Twiki 2003-02-01
Twiki Twiki 2004-09-01
Twiki Twiki 4.0.2
Twiki Twiki 4.0.3
Twiki Twiki 2001-09-01
Twiki Twiki 2001-12-01
Twiki Twiki 4.0.0
Twiki Twiki 4.0.1
5
CVSSv2
CVE-2006-4294
Directory traversal vulnerability in viewfile in TWiki 4.0.0 up to and including 4.0.4 allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter.
Twiki Twiki 4.0.1
Twiki Twiki 4.0.2
Twiki Twiki 4.0.3
Twiki Twiki 4.0.4
Twiki Twiki 4.0.0
1 EDB exploit
4
CVSSv2
CVE-2006-1387
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself.
Twiki Twiki 2004-09-03
Twiki Twiki 2004-09-04
Twiki Twiki 2004-09-01
Twiki Twiki 2004-09-02
Twiki Twiki 2001-12-01
Twiki Twiki 2003-02-01
Twiki Twiki 2001-09-01
Twiki Twiki 4.0
Twiki Twiki 4.0.1
5.1
CVSSv2
CVE-2006-2942
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote malicious users to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's logi...
Twiki Twiki 4.0.0
Twiki Twiki 4.0.1
Twiki Twiki 4.0.2
7.5
CVSSv2
CVE-2005-2877
The history (revision control) function in TWiki 02-Sep-2004 and previous versions allows remote malicious users to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
Twiki Twiki 2004-09-01
Twiki Twiki 2004-09-02
Twiki Twiki 2000-12-01
Twiki Twiki 2001-12-01
Twiki Twiki 2003-02-01
3 EDB exploits
6.4
CVSSv2
CVE-2014-7236
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki prior to 6.0.1 allows remote malicious users to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
Twiki Twiki
Twiki Twiki 6.0
1 EDB exploit
1 Github repository
4.3
CVSSv2
CVE-2012-0979
Cross-site scripting (XSS) vulnerability in TWiki allows remote malicious users to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.
Twiki Twiki -
Twiki Twiki 5.1.1
4.3
CVSSv2
CVE-2014-9367
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote malicious users to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in the scope parameter to do/view/TWiki/WebSearch.
Twiki Twiki 6.0.0
Twiki Twiki 6.0.1
7.5
CVSSv2
CVE-2006-1386
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote malicious users to read restricted areas and access restricted content in TWiki topics.
Twiki Twiki 4.0
Twiki Twiki 4.0.1
9
CVSSv2
CVE-2006-6071
TWiki 4.0.5 and previous versions, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote malicious users to read arbitrary content by can...
Twiki Twiki
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »