Vulnerabilities > Moinmo > Moinmoin

DATE CVE VULNERABILITY TITLE RISK
2010-02-26 CVE-2010-0668 Security vulnerability in MoinMoin
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.
network
moinmo
6.8
2010-02-26 CVE-2010-0667 Information Exposure vulnerability in Moinmo Moinmoin 1.9.0
MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
low complexity
moinmo CWE-200
5.0
2009-04-29 CVE-2009-1482 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
4.3
2009-04-03 CVE-2008-6603 Permissions, Privileges, and Access Controls vulnerability in Moinmo Moinmoin 1.6.2/1.7.0
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
network
moinmo CWE-264
6.8
2009-03-30 CVE-2008-6549 Unspecified vulnerability in Moinmo Moinmoin 1.6.1
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.
network
low complexity
moinmo
5.0