Vulnerabilities > Moinmo > Moinmoin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-02-26 | CVE-2010-0668 | Security vulnerability in MoinMoin Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. network moinmo | 6.8 |
2010-02-26 | CVE-2010-0667 | Information Exposure vulnerability in Moinmo Moinmoin 1.9.0 MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2009-04-29 | CVE-2009-1482 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260. | 4.3 |
2009-04-03 | CVE-2008-6603 | Permissions, Privileges, and Access Controls vulnerability in Moinmo Moinmoin 1.6.2/1.7.0 MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937. | 6.8 |
2009-03-30 | CVE-2008-6549 | Unspecified vulnerability in Moinmo Moinmoin 1.6.1 The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. | 5.0 |