8 matches found
CVE-2004-1037
creationtimestamp| type| source ---|---|--- 2010-07-03 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16894 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/twikisearch.rb 2025-02-06 03:13:38+00:00| seen|...
TWiki - Search Function Arbitrary Command Execution (Metasploit)
$Id: twikisearch.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
TWiki Search Function Arbitrary Command Execution
This module exploits a vulnerability in the search component of TWiki. By passing a 'search' parameter containing shell metacharacters to the 'WebSearch' script, an attacker can execute arbitrary OS commands. This module requires Metasploit: https://metasploit.com/download Current source:...
Gentoo Security Advisory GLSA 200411-33 (www-apps/twiki)
The remote host is missing updates announced in advisory GLSA 200411-33. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
FreeBSD Ports: twiki
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
TWiki Search.pm shell command injection
Added: 04/06/2006 CVE: CVE-2004-1037 BID: 11674 OSVDB: 11714 Background TWiki is a web-based collaboration platform written in PERL. Problem The Search.pm module does not sufficiently check search strings for illegal characters, allowing remote attackers to execute commands using search strings...
CVE-2004-1037
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string...
CVE-2004-1037
CVE-2004-1037 affects TWiki prior to fix where the search function accepts a user-supplied search string. The vulnerability allows remote attackers to execute arbitrary OS commands by injecting shell metacharacters in the search parameter to the WebSearch script, potentially compromising the TWik...