|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[VulnDiscuss] Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution
From: Florian Weimer (fw
deneb.enyo.de)
Date: Tue Nov 16 2004 - 02:01:48 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
* Hans Ulrich Niedermann:
> DETAILS
>
> The TWiki search function uses a user supplied search string to
> compose a command line executed by the Perl backtick (``) operator.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1037 to this issue.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]