Lucene search
K

12 matches found

Packet Storm
Packet Storm
added 2008/09/22 12:0 a.m.23 views

twiki-exec.txt

-----------webDEViL - w3bd3vil at gmail dot com ----------- -----------TWiki Remote Code Execution header-type = $query-param'type'; So use this instead: print 'Content-type: '.$query-param'type'."\n\n"; if openF, 'logos/'.$query-param'image' local $/ = undef; print ; closeF;...

6.8CVSS6.4AI score0.0828EPSS
Exploits6
seebug.org
seebug.org
added 2008/09/22 12:0 a.m.45 views

TWiki <= 4.2.2 (action) Remote Code Execution Vulnerability

No description provided by source. -----------webDEViL - w3bd3vil at gmail dot com ----------- -----------TWiki Remote Code Execution = 4.2.2-------------------- ----------developers site: http://www.twiki.org------------------- ----------CVE Ids : CVE-2008-3195--------------------------...

6.8CVSS0.0828EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2008/09/22 12:0 a.m.24 views

Debian DSA-1639-1 : twiki - command execution

It was discovered that twiki, a web-based collaboration platform, didn't properly sanitize the image parameter in its configuration script. This could allow remote users to execute arbitrary commands upon the system, or read any files which were readable by the webserver user. %NASLMINLEVEL 70300...

6.8CVSS5.8AI score0.0828EPSS
Exploits6References3
exploitpack
exploitpack
added 2008/09/21 12:0 a.m.19 views

TWiki 4.2.2 - action Remote Code Execution

TWiki 4.2.2 - action Remote Code Execution -----------webDEViL - w3bd3vil at gmail dot com ----------- -----------TWiki Remote Code Execution header-type = $query-param'type'; So use this instead: print 'Content-type: '.$query-param'type'."\n\n"; if openF, 'logos/'.$query-param'image' local $/ =...

6.8CVSS0.0828EPSS
Exploits6
0day.today
0day.today
added 2008/09/21 12:0 a.m.47 views

TWiki <= 4.2.2 (action) Remote Code Execution Vulnerability

Exploit for cgi platform in category web applications =========================================================== TWiki header-type = $query-param'type'; So use this instead: print 'Content-type: '.$query-param'type'."\n\n"; if openF, 'logos/'.$query-param'image' local $/ = undef; print ; closeF;...

7.1AI score0.0828EPSS
Exploits6
Debian
Debian
added 2008/09/19 7:25 p.m.15 views

[SECURITY] [DSA 1639-1] New twiki packages execution of arbitrary code

------------------------------------------------------------------------ Debian Security Advisory DSA-1639-1 [email protected] http://www.debian.org/security/ Steve Kemp September 19, 2008 http://www.debian.org/security/faq -...

6.8CVSS7.3AI score0.0828EPSS
Exploits6
UbuntuCve
UbuntuCve
added 2008/09/18 3:4 p.m.18 views

CVE-2008-3195

Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. dot dot in the image variable, and execute arbitrary files via unspecified vectors...

6.8CVSS6.1AI score0.0828EPSS
Exploits6References1
CVE
CVE
added 2008/09/17 6:6 p.m.146 views

CVE-2008-3195

CVE-2008-3195 affects TWiki prior to 4.2.3. The bin/configure script is vulnerable to directory traversal via the image parameter in installation steps, allowing read access to arbitrary files and potentially code execution. Public records (exploitdb, Debian security advisory DSA-1639-1, OpenVAS ...

6.8CVSS6.8AI score0.0828EPSS
Exploits6References11Affected Software1
Prion
Prion
added 2008/09/16 11:0 p.m.12 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3195. Reason: This candidate is a duplicate of CVE-2008-3195. Notes: All CVE users should reference CVE-2008-3195 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

6.6AI score0.0828EPSS
Exploits6
CVE
CVE
added 2008/09/16 11:0 p.m.40 views

CVE-2008-4112

This CVE-2008-4112 entry is rejected and not active; use CVE-2008-3195 instead.

6.2AI score
Exploits6
CERT
CERT
added 2008/09/12 12:0 a.m.69 views

TWiki command execution vulnerability

Overview The TWiki wiki software fails to validate input passed to certain URLs. By accessing a URL containing the TWiki configuration script, an attacker may be able to read arbitrary files. Description TWiki is a wiki that is runs in the context of the Apache web server. TWiki is installed by...

6.8CVSS7AI score0.0828EPSS
Exploits6References5
Tenable Nessus
Tenable Nessus
added 2008/08/23 12:0 a.m.28 views

TWiki bin/configure 'image' Parameter Traversal Arbitrary File Access/Execution

The version of TWiki running on the remote host allows access to the 'configure' script, and fails to sanitize the 'image' parameter of that script. When the 'action' parameter is set to 'image', an unauthenticated attacker can exploit this issue to execute arbitrary code or to view arbitrary fil...

6.8CVSS6AI score0.0828EPSS
Exploits6References3
Rows per page
Query Builder