4 matches found
Twiki/Fosswiki Unauthenticated Arbitrary File Upload (CVE-2014-7237)
An arbitrary file upload vulnerability has been reported in Twiki/Fosswiki. The vulnerability is due to lack of sanitization for user-supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2014-7237
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte %00 in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code...
CVE-2014-7237
CVE-2014-7237 affects lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier on Windows. A remote attacker can bypass access restrictions and upload files with restricted names by exploiting a null byte (%00) in a filename to bin/upload.cgi, with demonstration via an .htaccess mechanism to execute arbit...
Twiki Upload Bypass
This is an advisory for TWiki administrators: Attaching a specially named file allows remote upload of an Apache configuration file. This applies to native TWiki installations on Windows, the TWiki-VM virtual machine running in a Windows server environment is not affected. TWiki http://twiki.org ...