MidnightBSD

Advisories for twig_development_team

CVE-2000-1166 HIGH

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
twig_development_team twig 2.5.1
CVE-2001-1348 HIGH

TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
twig_development_team twig 2.0_beta2
twig_development_team twig 2.5
twig_development_team twig 2.3.1
twig_development_team twig 2.0
twig_development_team twig 2.3
twig_development_team twig 2.0_beta3
twig_development_team twig 2.0_beta1
twig_development_team twig 2.6
twig_development_team twig 2.5.1
twig_development_team twig 2.0.3
twig_development_team twig 2.2.3
twig_development_team twig 2.3.2
twig_development_team twig 2.0.1
twig_development_team twig 2.0.2
twig_development_team twig 2.1.1
twig_development_team twig 2.2.1
twig_development_team twig 2.2.2
twig_development_team twig 2.1
twig_development_team twig 2.2
twig_development_team twig 2.4
twig_development_team twig 2.6.1
CVE-2001-1361 HIGH

Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
twig_development_team twig *