4 matches found
Twiki Perl 4.x, 5.x, 6.x Upload Bypass / Code Execution Vulnerabilities
The debugenableplugins request parameter in Twiki versions 4.x, 5.x, and 6.0.0 allows arbitrary Perl code execution and suffer from a file upload bypass vulnerability. This is an advisory for TWiki administrators: The debugenableplugins request parameter allows arbitrary Perl code execution...
Code injection
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service infinite recursion leading to CPU and memory consumption via INCLUDE by URL statements that form a loop, such as a page that includes itself...
CVE-2006-1386
The 1 rdiff and 2 preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics...
Authentication flaw
The 1 rdiff and 2 preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics...