Vulnerabilities > Ikiwiki > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-08-31 CVE-2009-2944 Information Disclosure vulnerability in ikiwiki 'teximg' Plugin Insecure TeX Commands
Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.
network
low complexity
ikiwiki
5.0
5.0
2008-06-03 CVE-2008-0169 Permissions, Privileges, and Access Controls vulnerability in Ikiwiki
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.
network
ikiwiki CWE-264
6.8
6.8
2008-04-21 CVE-2008-0165 Cross-Site Request Forgery (CSRF) vulnerability in Ikiwiki
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.
network
ikiwiki CWE-352
4.3
4.3
2008-02-19 CVE-2008-0809 Cross-Site Scripting vulnerability in Ikiwiki
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
network
ikiwiki CWE-79
4.3
4.3
2008-02-19 CVE-2008-0808 Cross-Site Scripting vulnerability in Ikiwiki
Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
network
ikiwiki CWE-79
4.3
4.3