FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-0287

This CVE name corresponds to:

Entered Topic
2010-01-18 dokuwiki -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-0287
Phase Assigned(20100112)

Description

Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.

References

Source Reference
EXPLOIT-DB 11141
CONFIRM http://bugs.splitbrain.org/index.php?do=details&task_id=1847
CONFIRM http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security
DEBIAN DSA-1976
FEDORA FEDORA-2010-0770
FEDORA FEDORA-2010-0800
GENTOO GLSA-201301-07
BID 37821
SECUNIA 38183
VUPEN ADV-2010-0150
XF dokuwiki-ajax-dir-traversal(55660)