Moinmo Moinmoin vulnerabilities

CVE-2010-0667 [MEDIUM] CWE-200 CVE-2010-0667: MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2010-0668 [MEDIUM] CVE-2010-0668: Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9. Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.

CVE-2009-1482 [MEDIUM] CVE-2009-1482: Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and ea Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.

CVE-2008-6603 [MEDIUM] CWE-264 CVE-2008-6603: MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, whic MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.

CVE-2008-6549 [MEDIUM] CVE-2008-6549: The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and pytho The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.

CVE-2008-6548 [MEDIUM] CWE-862 CVE-2008-6548: The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, wh The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.