5 matches found
CVE-2008-4998
postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid...
Design/Logic Flaw
postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid...
CVE-2008-4998
postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating "this bug is invalid...
PT-2008-6168 · Twiki · Twiki
Name of the Vulnerable Software and Affected Versions: twiki version 4.1.2 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. The vendor disputes this issue, stating it is invalid. Recommendations: For twiki version 4.1.2,...
CVE-2007-5193
The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory cfgRCSWorkAreaDir under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied...