Download
| Alert*
oval:org.secpod.oval:def:106766
ikiwiki is installed oval:org.secpod.oval:def:53524 Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in information disclosure or denial of service. oval:org.secpod.oval:def:603674 Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in information disclosure or denial of service. oval:org.secpod.oval:def:106380 Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins. oval:org.secpod.oval:def:106419 Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins. oval:org.secpod.oval:def:601403 ikiwiki is installed oval:org.secpod.oval:def:600808 Raul Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks. oval:org.secpod.oval:def:600229 Tango discovered that ikiwiki, a wiki compiler, is not validating if the htmlscrubber plugin is enabled or not on a page when adding alternative stylesheets to pages. This enables an attacker who is able to upload custom stylesheets to add malicious stylesheets as an alternate stylesheet, or replace ... oval:org.secpod.oval:def:111945 Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins. oval:org.secpod.oval:def:111946 Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins. oval:org.secpod.oval:def:108798 Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins. oval:org.secpod.oval:def:108821 Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins. oval:org.secpod.oval:def:1901242 ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method , which can be abused to lead to commit metadata forgery. oval:org.secpod.oval:def:602739 Multiple vulnerabilities have been found in the Ikiwiki wiki compiler: CVE-2016-9646 Commit metadata forgery via CGI::FormBuilder context-dependent APIs CVE-2016-10026 Editing restriction bypass for git revert CVE-2017-0356 Authentication bypass via repeated parameters Additional details on these vu ... oval:org.secpod.oval:def:1901228 Cross-site scripting vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. oval:org.secpod.oval:def:602494 Simon McVittie discovered a cross-site scripting vulnerability in the error reporting of Ikiwiki, a wiki compiler. This update also hardens ikiwiki"s use of imagemagick in the img plugin. oval:org.secpod.oval:def:1901472 A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin"s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. oval:org.secpod.oval:def:1901295 ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision w ... oval:org.secpod.oval:def:1901417 The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. |