3 matches found
FreeBSD Ports: twiki
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
TWiki脚本文件上传漏洞
BUGTRAQ ID: 18854 CVECAN ID: CVE-2006-3336 TWiki是一款灵活易用、功能强大的企业协作平台。 TWiki对上传文件的后缀检查过滤不充分,远程攻击者可能利用此漏洞上传脚本文件执行,从而以Web进程权限在服务器上执行任意命令。 TWiki上传过滤器可以在上传的文件名后附加.txt后缀,以防执行.php、.php1、.phps、.pl之类的可执行脚本。但是,PHP和其他一些类型允许额外的文件后缀,如.php.en、.php.1和.php.2等。TWiki没有检查这些后缀,也就是可能没有添加.txt文件名后缀便上传一些PHP脚本,导致执行任意代码。 0...
CVE-2006-3336
CVE-2006-3336 affects TWiki up to version 4.0.3 where the upload filter fails to block certain double extensions (e.g., .php.en, .php.1) unless the server disallows script execution in the pub directory. This allows remote attackers to upload and potentially execute scripts, yielding arbitrary co...