from 0, < 0.0.20160626.a-2.1
from 0, < 0.0.20140505.a+dfsg-4+deb8u1
from 0, < 0.0.20120125b-2+deb7u2
HIGH 8.6 The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabl…
from 0
MEDIUM 6.5 Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q p…
from 0
MEDIUM 6.5 DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL.
from 0
MEDIUM 6.1 An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by…
from 0
MEDIUM 6.1 HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilena…
from 0
MEDIUM 6.1 DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php.
from 0, < 0.0.20180422.a-1
MEDIUM 6.1 DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php.
from 0, < 0.0.20180422.a-1
MEDIUM 6.1 DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
from 0, < 0.0.20180422.a-1
MEDIUM 5.4 DokuWiki before 2023-04-04a allows XSS via RSS titles.
from 0
MEDIUM 5.3 DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify va…
from 0
MEDIUM 4.3 An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker to cause a denial of service via the media_upload_xhr() func…
from 0
— DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticat…
from 0, < 0.0.20140929.d-1
— The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers…
from 0, < 0.0.20140929.d-1
— DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via…
from 0, < 0.0.20140929.a-1
— dokuwiki - security update
from 0, < 0.0.20140929.a-1
— dokuwiki - security update
from 0, < 0.0.20091225c-10+squeeze3
— The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in th…
from 0, < 0.0.20140505.a+dfsg-1
— dokuwiki - security update
from 0, < 0.0.20120125b-2+deb7u1
— dokuwiki - security update
from 0, < 0.0.20140505.a+dfsg-1
— doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive…
from 0, < 0.0.20130510a-1
— Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or…
from 0, < 0.0.20120125a-1
— Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authenticati…
from 0, < 0.0.20120125a-1
— Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote…
from 0, < 0.0.20120125b-1
— Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to i…
from 0, < 0.0.20110525a-1
— Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c…
from 0, < 0.0.20090214b-3.1
— A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote…
from 0, < 0.0.20090214b-3.1
— dokuwiki - several vulnerabilities
from 0, < 0.0.20090214b-3.1
— dokuwiki - several vulnerabilities
from 0, < 0.0.20080505-4+lenny1
— inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include a…
from 0, < 0.0.20090214b-1
— The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct fi…
from 0, < 0.0.20080505-3.1
— CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrar…
from 0, < 0.0.20061106-1
— lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h…
from 0, < 0.0.20060309-5.2
— lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execut…
from 0, < 0.0.20060309-5.2
— DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling…
from 0, < 0.0.20060309-5.1
— Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP cod…
from 0, < 0.0.20060309-5.1
— Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable fil…
from 0, < 0.0.20060309-5.1
— Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authen…
from 0, < 0.0.20060309-4
— The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "…
from 0, < 0.0.20060309-4
— Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitra…
from 0, < 0.0.20060309-3