[UNIX] DoKuWiki Weak File Validation

From: SecuriTeam (support_at_securiteam.com)
Date: 04/17/05

    To: list@securiteam.com
    Date: 17 Apr 2005 09:55:44 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - - - - - - - -

      DoKuWiki Weak File Validation
    ------------------------------------------------------------------------

    SUMMARY

    <http://www.splitbrain.org/go/dokuwiki> DokuWiki is "a standards
    compliant, simple to use Wiki, mainly aimed at creating documentation of
    any kind".

    Weak file validation in DoKuWiki allows users with upload privileges to
    upload files of any type.

    DETAILS

    Vulnerable Systems:
     * DoKuWiki build 18.02.2005

    Remote users with file upload privileges can upload files with any
    extension by inserting an allowed extension into the middle of the
    filename. For example, if the extension 'gif' is allowed, the following
    file can be uploaded: example.gif.php.
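    The weak check described above beside a hardened replacement, as an added example written for this advisory (it is not DokuWiki's own code); the allowlist, the sample file names and the helper names are constructed for the illustration:

```python
import os
import re

# Constructed allowlist for this example; the advisory does not give DokuWiki's own list.
ALLOWED_EXTENSIONS = {"gif", "jpg", "jpeg", "png", "pdf"}


def weak_is_allowed(filename: str) -> bool:
    """Weak validation of the kind the advisory describes (illustrative, not
    DokuWiki's code): accept if an allowed extension occurs anywhere in the
    name, so 'example.gif.php' passes because it contains '.gif'."""
    lowered = filename.lower()
    return any("." + ext in lowered for ext in ALLOWED_EXTENSIONS)


def strict_is_allowed(filename: str) -> bool:
    """Hardened validation: drop any path component, then judge the file by
    its final extension only, compared case-insensitively against the
    allowlist. Extra dots before the real extension no longer matter."""
    base = os.path.basename(filename.replace("\\", "/"))
    root, ext = os.path.splitext(base)
    if not root or not ext or root.startswith("."):  # also rejects dotfiles
        return False
    return ext[1:].lower() in ALLOWED_EXTENSIONS


def sanitize_upload_name(filename: str):
    """Storage name rebuilt from the validated parts, or None if rejected.
    Dots inside the root become '_' so the stored name carries exactly one
    extension, which matters for web servers that pick handlers by suffix."""
    if not strict_is_allowed(filename):
        return None
    root, ext = os.path.splitext(os.path.basename(filename.replace("\\", "/")))
    safe_root = re.sub(r"[^a-z0-9_-]", "_", root.lower())
    return f"{safe_root}.{ext[1:].lower()}"


def audit(filenames):
    """Names the weak check accepts but the strict check rejects: handy for
    reviewing an existing upload directory after the check is fixed."""
    return [f for f in filenames if weak_is_allowed(f) and not strict_is_allowed(f)]


if __name__ == "__main__":
    # Constructed sample upload names, including the advisory's example.
    samples = ["diagram.png", "example.gif.php", "report.v2.pdf",
               "../evil.jpg.phtml", "notes.PDF", "README"]
    for name in samples:
        print(f"{name:20} weak={weak_is_allowed(name)!s:5} strict="
              f"{strict_is_allowed(name)!s:5} stored={sanitize_upload_name(name)}")
    print("accepted only by the weak check:", audit(samples))
```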

    ADDITIONAL INFORMATION

    The information has been provided by kreon <mailto:kre0n@mail.ru>.
    The original article can be found at: <http://adz.void.ru/>

