LWN.net

dokuwiki: multiple vulnerabilities

Package(s): dokuwiki
CVE #(s): CVE-2010-0287 CVE-2010-0288 CVE-2010-0289
Created: January 22, 2010
Updated: January 27, 2010
Description: From the Debian advisory:

It was discovered that an internal variable is not properly sanitized before being used to list directories. This can be exploited to list contents of arbitrary directories. CVE-2010-0287

It was discovered that the ACL Manager plugin doesn't properly check the administrator permissions. This allows an attacker to introduce arbitrary ACL rules and thus gain access to a closed Wiki. CVE-2010-0288

It was discovered that the ACL Manager plugin doesn't have protections against cross-site request forgeries (CSRF). This can be exploited to change the access control rules by tricking a logged-in administrator into visiting a malicious web site. CVE-2010-0289

Alerts:
Debian DSA-1976-1 2010-01-22
Gentoo 201301-07 2013-01-09


Copyright © 2013, Eklektix, Inc.