Filtered by vendor Twiki
Subscriptions
Filtered by product Twiki
Subscriptions
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3819 | 1 Twiki | 1 Twiki | 2025-04-03 | N/A |
| Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF". | ||||
| CVE-2004-1037 | 2 Gentoo, Twiki | 2 Linux, Twiki | 2025-04-03 | N/A |
| The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string. | ||||
| CVE-2005-2877 | 1 Twiki | 1 Twiki | 2025-04-03 | N/A |
| The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers. | ||||
| CVE-2006-2942 | 1 Twiki | 1 Twiki | 2025-04-03 | N/A |
| TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup. | ||||
| CVE-2006-4294 | 1 Twiki | 1 Twiki | 2025-04-03 | N/A |
| Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2018-20212 | 1 Twiki | 1 Twiki | 2024-11-21 | N/A |
| bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter. | ||||
| CVE-2014-7236 | 1 Twiki | 1 Twiki | 2024-11-21 | 9.1 Critical |
| Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. | ||||
| CVE-2013-1751 | 1 Twiki | 1 Twiki | 2024-11-21 | 9.8 Critical |
| TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. | ||||
| CVE-2005-3056 | 1 Twiki | 1 Twiki | 2024-11-21 | 9.8 Critical |
| TWiki allows arbitrary shell command execution via the Include function | ||||