From 2d21d78568e58e2a5a05947758006976e1005132 Mon Sep 17 00:00:00 2001 From: Xin LI Date: Mon, 18 Jan 2010 17:45:54 +0000 Subject: Document dokuwiki multiple vulnerabilities. --- security/vuxml/vuln.xml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 40b34a0fb1ca..ebe57f051bad 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,40 @@ Note: Please add new entries to the beginning of this file. --> + + dokuwiki -- multiple vulnerabilities + + + dokuwiki + 20091225_2 + + + + +

Dokuwiki reports:

+
The plugin does no checks against cross-site request + forgeries (CSRF) which can be exploited to e.g. change + the access control rules by tricking a logged in + administrator into visiting a malicious web site.
+

+
The bug allows listing the names of arbitrary file on + the webserver - not their contents. This could leak + private information about wiki pages and server structure.
+

+ + + + http://bugs.splitbrain.org/index.php?do=details&task_id=1847 + http://bugs.splitbrain.org/index.php?do=details&task_id=1853 + + + 2010-01-17 + 2010-01-18 + + + Zend Framework -- multiple vulnerabilities -- cgit v1.2.3