Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution
From: Florian Weimer (fw_at_deneb.enyo.de)
Date: 11/16/04
- Previous message: Berend-Jan Wever: "Skype callto:// BoF technical details"
- In reply to: Hans Ulrich Niedermann: "[VulnWatch] TWiki search function allows arbitrary shell command execution"
To: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com, vulnwatch@vulnwatch.org
Date: Tue, 16 Nov 2004 09:01:48 +0100
* Hans Ulrich Niedermann:
> DETAILS
>
> The TWiki search function uses a user supplied search string to
> compose a command line executed by the Perl backtick (``) operator.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1037 to this issue.
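
The flaw class quoted above (a user-supplied search string placed into a command line run by Perl backticks), shown beside a shell-free form. This is an added example, not part of the original message and not TWiki's source code; the sub names, the use of `grep`, and the sample topic files are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Vulnerable pattern (constructed illustration, not TWiki's code):
# the search string is interpolated into a command line that the
# backtick operator hands to /bin/sh, so shell metacharacters in
# $search are parsed by the shell. Defined for comparison, never called.
sub search_backticks {
    my ($search, @files) = @_;
    my $out = `grep -l $search @files`;    # unsafe: shell sees $search
    return split /\n/, $out;
}

# Hardened form: list-form pipe open executes grep directly, with no
# shell. -F treats the input as a fixed string, -e marks it as the
# pattern even if it starts with '-', and -- ends option parsing
# before the file names.
sub search_no_shell {
    my ($search, @files) = @_;
    open(my $fh, '-|', 'grep', '-l', '-F', '-e', $search, '--', @files)
        or die "cannot run grep: $!";
    chomp(my @hits = <$fh>);
    close $fh;    # grep exits 1 when nothing matches; not an error here
    return @hits;
}

# Constructed sample data: two topic files, one of which contains
# shell metacharacters as ordinary text.
my $dir    = tempdir(CLEANUP => 1);
my %topics = (
    'WebHome.txt'    => "Welcome to the wiki\n",
    'ShellNotes.txt' => 'run: status; echo $(date) | `sort`' . "\n",
);
for my $name (keys %topics) {
    open(my $w, '>', "$dir/$name") or die "write $name: $!";
    print {$w} $topics{$name};
    close $w;
}
my @files = map { "$dir/$_" } sort keys %topics;

# The metacharacters reach grep as one literal argument and are
# matched as text, so only the file containing them is reported.
print "match: $_\n" for search_no_shell('status; echo $(date) | `sort`', @files);

# A search string that looks like an option is still only a pattern.
print "dash hits: ", scalar(search_no_shell('-l', @files)), "\n";
```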