Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
[VulnDiscuss] Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution
From: Florian Weimer (fwdeneb.enyo.de)
Date: Tue Nov 16 2004 - 02:01:48 CST
* Hans Ulrich Niedermann:
> The TWiki search function uses a user supplied search string to
> compose a command line executed by the Perl backtick (``) operator.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1037 to this issue.