This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Moinmoin
Product: Moinmoin
First view: 2004-07-27
Last view: 2009-04-29
Version:
Type:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:* 11
cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:* 11
cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:* 11
cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:* 11
cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:* 10
cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:* 10
cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:* 10
cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:* 10
cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:* 10
cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:* 10
cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:* 10
cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:* 10
cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:* 10
cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:* 10
cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:* 9
cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:* 9
cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:* 9
cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:* 9
cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:* 9
cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:* 9
cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:* 9
cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:* 9
cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:* 9
cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:* 9
cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:* 9
cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:* 7
cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:* 4
cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:* 4
cpe:2.3:a:moinmoin:moinmoin:1.6.2:*:*:*:*:*:*:* 3
cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:* 3
cpe:2.3:a:moinmoin:moinmoin:1.6.1:*:*:*:*:*:*:* 3
cpe:2.3:a:moinmoin:moinmoin:1.6:*:*:*:*:*:*:* 2
cpe:2.3:a:moinmoin:moinmoin:1.7.1:*:*:*:*:*:*:* 2
cpe:2.3:a:moinmoin:moinmoin:1.7.2:*:*:*:*:*:*:* 2
cpe:2.3:a:moinmoin:moinmoin:1.7.3:*:*:*:*:*:*:* 2
cpe:2.3:a:moinmoin:moinmoin:1.8.1:*:*:*:*:*:*:* 2
cpe:2.3:a:moinmoin:moinmoin:1.7:*:*:*:*:*:*:* 2
cpe:2.3:a:moinmoin:moinmoin:1.8.0:*:*:*:*:*:*:* 2

Related : CVE

Score Date Alert Description
4.3 2009-04-29 CVE-2009-1482

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.

4.3 2009-01-27 CVE-2009-0312

Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.

4.3 2009-01-23 CVE-2009-0260

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).

4.3 2008-07-30 CVE-2008-3381

Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8 2008-04-25 CVE-2008-1937

The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.

5 2008-03-05 CVE-2008-1099

_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.

4.3 2008-03-05 CVE-2008-1098

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.

5 2008-02-14 CVE-2008-0782

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.

4.3 2008-02-14 CVE-2008-0781

Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.

4.3 2008-02-14 CVE-2008-0780

Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.

5 2007-05-13 CVE-2007-2637

MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.

5.8 2007-05-01 CVE-2007-2423

Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

5 2007-02-13 CVE-2007-0902

Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

4.3 2007-02-13 CVE-2007-0901

Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

4.3 2007-02-08 CVE-2007-0857

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.

10 2004-12-31 CVE-2004-1463

Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.

7.5 2004-12-31 CVE-2004-1462

Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete.

7.5 2004-07-27 CVE-2004-0708

MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.

CWE : Common Weakness Enumeration

% id Name
70% (7) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
20% (2) CWE-264 Permissions, Privileges, and Access Controls
10% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:7891 DSA-1514 moin -- several vulnerabilities
oval:org.mitre.oval:def:18640 DSA-1514-1 moin
oval:org.mitre.oval:def:8023 DSA-1715 moin -- insufficient input sanitising
oval:org.mitre.oval:def:19989 DSA-1715-1 moin - insufficient input sanitising
oval:org.mitre.oval:def:13561 USN-716-1 -- moin vulnerabilities
oval:org.mitre.oval:def:13831 USN-774-1 -- moin vulnerability
oval:org.mitre.oval:def:13624 DSA-1791-1 moin -- insufficient input sanitising

Open Source Vulnerability Database (OSVDB)

id Description
57321 MoinMoin rst Markup Include Directive ACL Bypass
54237 MoinMoin action/AttachFile.py Multiple Function XSS
51632 MoinMoin security/antispam.py Disallowed Content XSS
51485 MoinMoin action/AttachFile.py Multiple Parameter XSS
47094 MoinMoin macro/AdvancedSearch.py Multiple Parameter XSS
44613 MoinMoin userform.py User Management Remote Privilege Escalation
43147 MoinMoin PageEditor.py Multiple Parameter XSS
43146 MoinMoin formatter/text_gedit.py XSS
43145 MoinMoin wikimacro.py _macro_Getval Remote Information Disclosure
41780 MoinMoin MOIN_ID Cookie userform Action Traversal Arbitrary File Overwrite
41779 MoinMoin action/AttachFile.py Multiple Parameter XSS
41778 MoinMoin Login Action XSS
36567 MoinMoin index.php AttachFile Action do Parameter XSS
36269 MoinMoin MonthCalendar Day Page ACL Bypass
33173 MoinMoin Show Debugging Information Functionality Information Disclosure
33172 MoinMoin Info Pages Multiple Parameter XSS
31874 MoinMoin Page Info Field XSS
31873 MoinMoin AttachFile Page Name XSS
31872 MoinMoin RenamePage Page Name XSS
31871 MoinMoin LocalSiteMap Page Name XSS
8195 MoinMoin PageEditor ACL Issue
8194 MoinMoin No ACL Privilege Escalation
6704 MoinMoin Group ACL Bypass

OpenVAS Exploits

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-07-29 Name : Fedora Core 10 FEDORA-2009-7761 (moin)
File : nvt/fcore_2009_7761.nasl
2009-06-23 Name : Fedora Core 10 FEDORA-2009-6557 (moin)
File : nvt/fcore_2009_6557.nasl
2009-06-23 Name : Fedora Core 9 FEDORA-2009-6559 (moin)
File : nvt/fcore_2009_6559.nasl
2009-06-05 Name : Ubuntu USN-774-1 (moin)
File : nvt/ubuntu_774_1.nasl
2009-06-05 Name : Ubuntu USN-771-1 (libmodplug)
File : nvt/ubuntu_771_1.nasl
2009-06-05 Name : Ubuntu USN-772-1 (mpfr)
File : nvt/ubuntu_772_1.nasl
2009-06-05 Name : Ubuntu USN-773-1 (pango1.0)
File : nvt/ubuntu_773_1.nasl
2009-05-20 Name : FreeBSD Ports: moinmoin
File : nvt/freebsd_moinmoin4.nasl
2009-05-20 Name : FreeBSD Ports: moinmoin
File : nvt/freebsd_moinmoin5.nasl
2009-05-11 Name : Debian Security Advisory DSA 1791-1 (moin)
File : nvt/deb_1791_1.nasl
2009-04-28 Name : Fedora Core 10 FEDORA-2009-3868 (moin)
File : nvt/fcore_2009_3868.nasl
2009-04-28 Name : Fedora Core 9 FEDORA-2009-3845 (moin)
File : nvt/fcore_2009_3845.nasl
2009-03-23 Name : Ubuntu Update for moin vulnerabilities USN-458-1
File : nvt/gb_ubuntu_USN_458_1.nasl
2009-03-23 Name : Ubuntu Update for moin, moin1.3 vulnerabilities USN-423-1
File : nvt/gb_ubuntu_USN_423_1.nasl
2009-03-23 Name : Ubuntu Update for moin, moin1.3 vulnerability USN-421-1
File : nvt/gb_ubuntu_USN_421_1.nasl
2009-02-17 Name : Fedora Update for moin FEDORA-2008-3328
File : nvt/gb_fedora_2008_3328_moin_fc7.nasl
2009-02-17 Name : Fedora Update for moin FEDORA-2008-3301
File : nvt/gb_fedora_2008_3301_moin_fc8.nasl
2009-02-16 Name : Fedora Update for moin FEDORA-2008-1880
File : nvt/gb_fedora_2008_1880_moin_fc7.nasl
2009-02-16 Name : Fedora Update for moin FEDORA-2008-1905
File : nvt/gb_fedora_2008_1905_moin_fc8.nasl
2009-02-02 Name : FreeBSD Ports: moinmoin
File : nvt/freebsd_moinmoin3.nasl
2009-02-02 Name : Ubuntu USN-716-1 (moin)
File : nvt/ubuntu_716_1.nasl
2009-02-02 Name : Debian Security Advisory DSA 1715-1 (moin)
File : nvt/deb_1715_1.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200407-09 (MoinMoin)
File : nvt/glsa_200407_09.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200408-25 (MoinMoin)
File : nvt/glsa_200408_25.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200803-27 (moinmoin)
File : nvt/glsa_200803_27.nasl

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-05-18 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_bfe218a5421811deb67a0030843d3802.nasl - Type: ACT_GATHER_INFO
2009-05-14 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_fc4d0ae83fa311dea3fd0030843d3802.nasl - Type: ACT_GATHER_INFO
2009-05-12 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-774-1.nasl - Type: ACT_GATHER_INFO
2009-05-07 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1791.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_da9e6438bfc011d8b00e000347a4fa7d.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-716-1.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_1ecf4ca1f7ad11d896c900061bc2ad93.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Fedora host is missing a security update.
File: fedora_2009-3868.nasl - Type: ACT_GATHER_INFO
2009-04-22 Name: The remote Fedora host is missing a security update.
File: fedora_2009-3845.nasl - Type: ACT_GATHER_INFO
2009-02-01 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_6a523dbaeeab11ddab4f0030843d3802.nasl - Type: ACT_GATHER_INFO
2009-01-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1715.nasl - Type: ACT_GATHER_INFO
2008-06-16 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_c4ba95b239ce11dd98c900163e000016.nasl - Type: ACT_GATHER_INFO
2008-05-13 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200805-09.nasl - Type: ACT_GATHER_INFO
2008-05-01 Name: The remote Fedora host is missing a security update.
File: fedora_2008-3328.nasl - Type: ACT_GATHER_INFO
2008-05-01 Name: The remote Fedora host is missing a security update.
File: fedora_2008-3301.nasl - Type: ACT_GATHER_INFO
2008-03-19 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200803-27.nasl - Type: ACT_GATHER_INFO
2008-03-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1514.nasl - Type: ACT_GATHER_INFO
2008-02-26 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_f113bbebe3ac11dcbb89000bcdc1757a.nasl - Type: ACT_GATHER_INFO
2008-02-25 Name: The remote Fedora host is missing a security update.
File: fedora_2008-1905.nasl - Type: ACT_GATHER_INFO
2008-02-25 Name: The remote Fedora host is missing a security update.
File: fedora_2008-1880.nasl - Type: ACT_GATHER_INFO
2008-01-24 Name: The remote web server contains a Python application that suffers from an inpu...
File: moinmoin_cookie_id.nasl - Type: ACT_ATTACK
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-421-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-423-1.nasl - Type: ACT_GATHER_INFO
2007-11-10 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-458-1.nasl - Type: ACT_GATHER_INFO
2004-08-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200407-09.nasl - Type: ACT_GATHER_INFO