[37370] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution

daemon@ATHENA.MIT.EDU (Florian Weimer)
Tue Nov 16 14:50:20 2004

To: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com,
        vulnwatch@vulnwatch.org
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 16 Nov 2004 09:01:48 +0100
In-Reply-To: <86zn1mhchx.fsf@n-dimensional.de> (Hans Ulrich Niedermann's
	message of "Sat, 13 Nov 2004 00:30:02 +0100")
Message-ID: <87fz3a1atv.fsf@deneb.enyo.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

* Hans Ulrich Niedermann:

> DETAILS
>
> The TWiki search function uses a user supplied search string to
> compose a command line executed by the Perl backtick (``) operator.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1037 to this issue.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[37370] in bugtraq

Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution

daemon@ATHENA.MIT.EDU (Florian Weimer)Tue Nov 16 14:50:20 2004

daemon@ATHENA.MIT.EDU (Florian Weimer)
Tue Nov 16 14:50:20 2004