MidnightBSD

Advisories for andreas_gohr

CVE-2004-2559 HIGH

DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
andreas_gohr dokuwiki release_2004-07-07
andreas_gohr dokuwiki release_2004-07-12
andreas_gohr dokuwiki release_2004-09-25
andreas_gohr dokuwiki release_2004-08-08
andreas_gohr dokuwiki release_2004-07-04
andreas_gohr dokuwiki release_2004-07-21
andreas_gohr dokuwiki release_2004-09-12
andreas_gohr dokuwiki release_2004-09-30
andreas_gohr dokuwiki release_2004-08-15a
andreas_gohr dokuwiki release_2004-08-22
andreas_gohr dokuwiki release_2004-07-25
CVE-2004-2560 HIGH

DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi".

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
andreas_gohr dokuwiki release_2004-07-07
andreas_gohr dokuwiki release_2004-07-12
andreas_gohr dokuwiki release_2004-09-25
andreas_gohr dokuwiki release_2004-08-08
andreas_gohr dokuwiki release_2004-07-04
andreas_gohr dokuwiki release_2004-07-21
andreas_gohr dokuwiki release_2004-09-12
andreas_gohr dokuwiki release_2004-09-30
andreas_gohr dokuwiki release_2004-08-15a
andreas_gohr dokuwiki release_2004-08-22
andreas_gohr dokuwiki release_2004-07-25
CVE-2006-1165 MEDIUM

Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
andreas_gohr dokuwiki release_2004-07-07
andreas_gohr dokuwiki release_2004-11-01
andreas_gohr dokuwiki release_2005-02-18
andreas_gohr dokuwiki release_2004-07-04
andreas_gohr dokuwiki release_2004-07-21
andreas_gohr dokuwiki release_2004-09-12
andreas_gohr dokuwiki release_2004-08-15a
andreas_gohr dokuwiki release_2005-09-22
andreas_gohr dokuwiki release_2006-03-05
andreas_gohr dokuwiki release_2004-11-02
andreas_gohr dokuwiki release_2004-07-25
andreas_gohr dokuwiki release_2005-02-06
andreas_gohr dokuwiki release_2004-09-25
andreas_gohr dokuwiki release_2005-07-13
andreas_gohr dokuwiki release_2004-10-19
andreas_gohr dokuwiki release_2005-01-15
andreas_gohr dokuwiki release_2004-09-30
andreas_gohr dokuwiki release_2005-09-19
andreas_gohr dokuwiki release_2004-08-22
andreas_gohr dokuwiki release_2005-01-14
andreas_gohr dokuwiki release_2005-05-07
andreas_gohr dokuwiki release_2005-01-16a
andreas_gohr dokuwiki release_2004-07-12
andreas_gohr dokuwiki release_2004-08-08
andreas_gohr dokuwiki release_2004-11-10
andreas_gohr dokuwiki release_2005-07-01
CVE-2006-2878 HIGH

The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
andreas_gohr dokuwiki release_2004-07-07
andreas_gohr dokuwiki release_2004-11-01
andreas_gohr dokuwiki release_2005-02-18
andreas_gohr dokuwiki release_2004-07-04
andreas_gohr dokuwiki release_2004-07-21
andreas_gohr dokuwiki release_2004-09-12
andreas_gohr dokuwiki release_2004-08-15a
andreas_gohr dokuwiki release_2005-09-22
andreas_gohr dokuwiki *
andreas_gohr dokuwiki release_2006-03-05
andreas_gohr dokuwiki release_2004-11-02
andreas_gohr dokuwiki release_2004-07-25
andreas_gohr dokuwiki release_2005-02-06
andreas_gohr dokuwiki release_2004-09-25
andreas_gohr dokuwiki release_2005-07-13
andreas_gohr dokuwiki release_2004-10-19
andreas_gohr dokuwiki release_2005-01-15
andreas_gohr dokuwiki release_2004-09-30
andreas_gohr dokuwiki release_2005-09-19
andreas_gohr dokuwiki release_2004-08-22
andreas_gohr dokuwiki release_2005-01-14
andreas_gohr dokuwiki release_2005-05-07
andreas_gohr dokuwiki release_2005-01-16a
andreas_gohr dokuwiki release_2004-07-12
andreas_gohr dokuwiki release_2004-08-08
andreas_gohr dokuwiki release_2004-11-10
andreas_gohr dokuwiki release_2005-07-01
CVE-2006-2945 MEDIUM

Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
andreas_gohr dokuwiki release_2004-07-07
andreas_gohr dokuwiki release_2004-11-01
andreas_gohr dokuwiki release_2005-02-18
andreas_gohr dokuwiki release_2004-07-04
andreas_gohr dokuwiki release_2004-07-21
andreas_gohr dokuwiki release_2004-09-12
andreas_gohr dokuwiki release_2004-08-15a
andreas_gohr dokuwiki release_2005-09-22
andreas_gohr dokuwiki *
andreas_gohr dokuwiki release_2006-03-05
andreas_gohr dokuwiki release_2004-11-02
andreas_gohr dokuwiki release_2004-07-25
andreas_gohr dokuwiki release_2005-02-06
andreas_gohr dokuwiki release_2004-09-25
andreas_gohr dokuwiki release_2005-07-13
andreas_gohr dokuwiki release_2004-10-19
andreas_gohr dokuwiki release_2005-01-15
andreas_gohr dokuwiki release_2004-09-30
andreas_gohr dokuwiki release_2005-09-19
andreas_gohr dokuwiki release_2004-08-22
andreas_gohr dokuwiki release_2005-01-14
andreas_gohr dokuwiki release_2005-05-07
andreas_gohr dokuwiki release_2005-01-16a
andreas_gohr dokuwiki release_2004-07-12
andreas_gohr dokuwiki release_2004-08-08
andreas_gohr dokuwiki release_2004-11-10
andreas_gohr dokuwiki release_2005-07-01
CVE-2006-6965 MEDIUM

CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
andreas_gohr dokuwiki release_2006-03-09e
andreas_gohr dokuwiki release_2006-03-09
CVE-2012-0283 MEDIUM

Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
andreas_gohr dokuwiki 2010-11-07a
andreas_gohr dokuwiki 2011-05-25
andreas_gohr dokuwiki 2005-09-19
andreas_gohr dokuwiki 2006-03-05
andreas_gohr dokuwiki 2007-06-26
andreas_gohr dokuwiki 2011-05-25c
andreas_gohr dokuwiki *
andreas_gohr dokuwiki 2007-07-13
andreas_gohr dokuwiki 2012-01-25
andreas_gohr dokuwiki 2006-11-06
andreas_gohr dokuwiki 2008-05-05
andreas_gohr dokuwiki 2005-09-22
andreas_gohr dokuwiki 2009-02-14b
andreas_gohr dokuwiki 2006-03-09
andreas_gohr dokuwiki 2009-12-25c
andreas_gohr dokuwiki 2011-05-25a
andreas_gohr dokuwiki 2005-07-01
CVE-2012-2128 MEDIUM

Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
andreas_gohr dokuwiki 2012-01-25