Lucene search
SAINT CorporationSAINT:E47EF624813AA42868E470BE7168303BHistoryApr 06, 2006 - 12:00 a.m.
TWiki Search.pm shell command injection
2006-04-0600:00:00
SAINT Corporation
www.saintcorporation.com
24
0.914 High
EPSS
Percentile
98.9%
Added: 04/06/2006
CVE: CVE-2004-1037
BID: 11674
OSVDB: 11714
Background
TWiki is a web-based collaboration platform written in PERL.
Problem
The Search.pm module does not sufficiently check search strings for illegal characters, allowing remote attackers to execute commands using search strings containing single-quote and backtick characters.
Resolution
Apply the update referenced in CIAC Bulletin P-039.
References
<http://archives.neohapsis.com/archives/bugtraq/2004-11/0181.html>
Related
freebsd
freebsd
twiki -- arbitrary shell command execution
2004-11-12 00:00:00
gentoo
gentoo
TWiki: Arbitrary command execution
2004-11-24 00:00:00
saint
saint
TWiki Search.pm shell command injection
2006-04-06 00:00:00
TWiki Search.pm shell command injection
2006-04-06 00:00:00
TWiki Search.pm shell command injection
2006-04-06 00:00:00
securityvulns
securityvulns
[Full-Disclosure] [ GLSA 200411-33 ] TWiki: Arbitrary command execution
2004-11-24 00:00:00
nessus
nessus
GLSA-200411-33 : TWiki: Arbitrary command execution
2004-11-24 00:00:00
FreeBSD : twiki -- arbitrary shell command execution (196)
2004-11-23 00:00:00
packetstorm
packetstorm
TWiki Search Function Arbitrary Command Execution
2010-02-23 00:00:00
cvelist
cvelist
CVE-2004-1037
2004-11-19 05:00:00
openvas
openvas
FreeBSD Ports: twiki
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200411-33 (www-apps/twiki)
2008-09-24 00:00:00
FreeBSD Ports: twiki
2008-09-04 00:00:00
cve
cve
CVE-2004-1037
2005-03-01 05:00:00
ubuntucve
ubuntucve
CVE-2004-1037
2005-03-01 00:00:00
nvd
nvd
CVE-2004-1037
2005-03-01 05:00:00