Lucene search
+L

4 matches found

checkpoint_advisories
checkpoint_advisories
added 2014/12/03 12:0 a.m.6 views

Twiki/Fosswiki Unauthenticated Arbitrary File Upload (CVE-2014-7237)

An arbitrary file upload vulnerability has been reported in Twiki/Fosswiki. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS7.3AI score0.20059EPSS
Exploits3
nvd
nvd
added 2014/10/16 12:55 a.m.22 views

CVE-2014-7237

lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte %00 in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code...

6.8CVSS7.4AI score0.20059EPSS
Exploits3References4
cve
cve
added 2014/10/16 12:0 a.m.51 views

CVE-2014-7237

CVE-2014-7237 affects lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier on Windows. A remote attacker can bypass access restrictions and upload files with restricted names by exploiting a null byte (%00) in a filename to bin/upload.cgi, with demonstration via an .htaccess mechanism to execute arbit...

6.8CVSS7.6AI score0.20059EPSS
Exploits3References4Affected Software2
packetstorm
packetstorm
added 2014/10/10 12:0 a.m.51 views

Twiki Upload Bypass

This is an advisory for TWiki administrators: Attaching a specially named file allows remote upload of an Apache configuration file. This applies to native TWiki installations on Windows, the TWiki-VM virtual machine running in a Windows server environment is not affected. TWiki http://twiki.org ...

6.8CVSS0.2AI score0.20059EPSS
Exploits3
Rows per page
Query Builder