Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution

From: Florian Weimer (fw_at_deneb.enyo.de)
Date: 11/16/04

  • Next message: Castigliola, Angelo: "RE: [Full-Disclosure] question regarding CAN-2004-0930"
    To: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com, vulnwatch@vulnwatch.org
    Date: Tue, 16 Nov 2004 09:01:48 +0100
    
    

    * Hans Ulrich Niedermann:

    > DETAILS
    >
    > The TWiki search function uses a user supplied search string to
    > compose a command line executed by the Perl backtick (``) operator.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CAN-2004-1037 to this issue.
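
The pattern the quoted advisory describes, as an added example that is not part of the original message and is not TWiki's own code: a search term interpolated into a command line meant for backticks, beside a list-form pipe open that bypasses the shell. The use of `grep`, the function names and the sample topic files are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Vulnerable pattern (built as a string only, never executed here): the
# search term is interpolated into a command line that backticks would hand
# to /bin/sh, so shell metacharacters in $term are interpreted by the shell.
sub unsafe_command_line {
    my ($term, @files) = @_;
    return "grep -l $term @files";    # would be run as `...`
}

# Hardened pattern: list-form pipe open executes grep directly, with no
# shell in between. "-e" and "--" stop the term and the file names from
# being parsed as options, and -F (a choice made for this example) treats
# the term as a fixed string. $term reaches grep as a single argument.
sub safe_search {
    my ($term, @files) = @_;
    return () unless @files;
    open(my $out, '-|', 'grep', '-l', '-F', '-e', $term, '--', @files)
        or die "cannot run grep: $!";
    chomp(my @hits = <$out>);
    close $out;    # grep exits 1 when nothing matches; not an error here
    return @hits;
}

# Constructed sample data: two topic files in a temporary directory.
my $dir = tempdir(CLEANUP => 1);
my %topics = (
    'WebHome.txt' => "welcome to the wiki\n",
    'Notes.txt'   => "the text wiki; echo x is stored literally\n",
);
for my $name (keys %topics) {
    open(my $fh, '>', "$dir/$name") or die "$name: $!";
    print {$fh} $topics{$name};
    close $fh;
}
my @files = map { "$dir/$_" } sort keys %topics;

# Constructed search term containing a shell metacharacter.
my $term = 'wiki; echo x';
print "unsafe command line: ", unsafe_command_line($term, @files), "\n";
print "safe hits: @{[ safe_search($term, @files) ]}\n";
```

In the unsafe string the `;` ends the `grep` command as far as the shell is concerned; in the list form the same bytes are only a pattern that `grep` looks for in the files.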

