Lucene search
K

3 matches found

OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.13 views

FreeBSD Ports: twiki

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4CVSS7.1AI score0.0283EPSS
Exploits2References4
seebug.org
seebug.org
added 2007/12/26 12:0 a.m.38 views

TWiki脚本文件上传漏洞

BUGTRAQ ID: 18854 CVECAN ID: CVE-2006-3336 TWiki是一款灵活易用、功能强大的企业协作平台。 TWiki对上传文件的后缀检查过滤不充分,远程攻击者可能利用此漏洞上传脚本文件执行,从而以Web进程权限在服务器上执行任意命令。 TWiki上传过滤器可以在上传的文件名后附加.txt后缀,以防执行.php、.php1、.phps、.pl之类的可执行脚本。但是,PHP和其他一些类型允许额外的文件后缀,如.php.en、.php.1和.php.2等。TWiki没有检查这些后缀,也就是可能没有添加.txt文件名后缀便上传一些PHP脚本,导致执行任意代码。 0...

4CVSS6.4AI score0.0283EPSS
Exploits2
CVE
CVE
added 2006/07/05 8:0 p.m.50 views

CVE-2006-3336

CVE-2006-3336 affects TWiki up to version 4.0.3 where the upload filter fails to block certain double extensions (e.g., .php.en, .php.1) unless the server disallows script execution in the pub directory. This allows remote attackers to upload and potentially execute scripts, yielding arbitrary co...

4CVSS7.5AI score0.0283EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder