[Full-disclosure] PmWiki Multiple Vulnerabilities

From: ascii (asciikatamail.com)
Date: Sat Jan 28 2006 - 14:07:16 CST


PmWiki Multiple Vulnerabilities

  Name              Multiple Vulnerabilities in PmWiki
  Systems Affected  PmWiki (verified on 2.1 beta 20)
  Severity          Medium Risk
  Vendor            www.pmichaud.com/wiki/PmWiki/PmWiki
  Advisory          http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/
  Author            Francesco "aScii" Ongaro (ascii at katamail . com)
  Date              20060119

NOTE: This works only with REGISTER_GLOBALS ON, on many versions of PHP5
(tested on 5.0.5, 5.1.1, 5.1.2).

This vulnerability defeats PmWiki's global sanitizing code and allows
remote arbitrary file inclusion.

Advisory released on 20060128:
PmWiki Multiple Vulnerabilities
http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/