[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution

To: full-disclosure@xxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution
From: Florian Weimer <fw@xxxxxxxxxxxxx>
Date: Tue, 16 Nov 2004 09:01:48 +0100

* Hans Ulrich Niedermann:

> DETAILS
>
> The TWiki search function uses a user supplied search string to
> compose a command line executed by the Perl backtick (``) operator.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1037 to this issue.

References:
- TWiki search function allows arbitrary shell command execution
  - From: Hans Ulrich Niedermann

Prev by Date: [SECURITY] [DSA 593-1] New imagemagick packages fix arbitrary code execution
Next by Date: Flaws in SP2 security features, part II
Previous by thread: TWiki search function allows arbitrary shell command execution
Next by thread: IPSwitch-IMail-8.13 Stack Overflow in the DELETE Command
Index(es):
- Date
- Thread