Vulnerabilities > Dokuwiki > Dokuwiki > 2009.12.25c

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|
| 2014-10-22 | CVE-2014-8763 | Improper Authentication vulnerability in multiple products | DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. | dokuwiki, mageia-project | CWE-287 | 5.0 (network, low complexity) |
| 2014-10-22 | CVE-2014-8762 | Information Exposure vulnerability in Dokuwiki | The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter. | dokuwiki | CWE-200 | 5.0 (network, low complexity) |
| 2014-10-22 | CVE-2014-8761 | Information Exposure vulnerability in Dokuwiki | inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call. | dokuwiki | CWE-200 | 5.0 (network, low complexity) |
| 2011-09-23 | CVE-2011-3727 | Information Exposure vulnerability in Dokuwiki 20091225C | DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files. | dokuwiki | CWE-200 | 5.0 (network, low complexity) |
| 2011-07-14 | CVE-2011-2510 | Cross-Site Scripting vulnerability in Dokuwiki | Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link. | dokuwiki | CWE-79 | 4.3 (network) |
| 2010-02-15 | CVE-2010-0289 | Cross-Site Request Forgery (CSRF) vulnerability in Dokuwiki | Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors. | dokuwiki | CWE-352 | 6.8 (network) |
| 2010-02-15 | CVE-2010-0288 | Permissions, Privileges, and Access Controls vulnerability in Dokuwiki | A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010. | dokuwiki | CWE-264 | 7.5 (network, low complexity) |
| 2010-02-15 | CVE-2010-0287 | Path Traversal vulnerability in Dokuwiki | Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. | dokuwiki | CWE-22 | 5.0 (network, low complexity) |