Page 2 of 8 results (0.002 seconds)

CVSS: 6.0EPSS: 95%CPEs: 79EXPL: 4

CVE-2012-6081 – MoinMoin - twikidraw Action Traversal Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2012-6081

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012. Múltiples subidas de fichero sin restricción en las acciones 1) twikidraw (action/twikidraw.py) y (2) anywikidraw (action/anywikidraw.py) en MoinMoin antes de v1.9.6 permitie a usuarios remotos autenticados con permisos de escritura para ejecutar código arbitrario mediante la carga de un archivo con una extensión ejecutable, y acceder a el a través de una solicitud dirigida directamente al archivo en un directorio especificado, como se explotó en en julio de 2012. • https://www.exploit-db.com/exploits/26422 https://www.exploit-db.com/exploits/25304 http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f http://moinmo.in/MoinMoinRelease1.9 http://moinmo.in/SecurityFixes http://secunia.com/advisories/51663 http://secunia.com/advisories/51676 http://secunia.com/advisories/51696 http://ubuntu.com/usn/usn-1680-1 http://www.debian.org/security/2012/dsa-2593 http://www.exploit-db.com/exploits/25304 http://www.openwall.com/lists/oss&# •

CVSS: 6.0EPSS: 3%CPEs: 79EXPL: 3

CVE-2012-6495 – MoinMoin - twikidraw Action Traversal Arbitrary File Upload

https://notcve.org/view.php?id=CVE-2012-6495

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code. Múltiples vulnerabilidades de salto de directorio en (1) twikidraw (acction/twikidraw.py) y (2) anywikidraw (acction/anywikidraw.py), acciones en MoinMoin antes de v1.9.6 a usuarios remotos autenticados con permisos de escritura sobrescribir archivos arbitrarios a través de vectores no especificados. NOTA: esto puede ser aprovechado con CVE-2012-6081 para ejecutar código arbitrario. • https://www.exploit-db.com/exploits/26422 https://www.exploit-db.com/exploits/25304 http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f http://moinmo.in/MoinMoinRelease1.9 http://moinmo.in/SecurityFixes http://secunia.com/advisories/51696 http://ubuntu.com/usn/usn-1680-1 http://www.debian.org/security/2012/dsa-2593 http://www.openwall.com/lists/oss-security/2012/12/29/6 http://www.openwall.com/lists/oss-security/2012/12/30/4 https://bugs.launchpad.net • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2012-4404

https://notcve.org/view.php?id=CVE-2012-4404

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group. security/__init__.py en MoinMoin v1.9 hasta v1.9.4 no trata correctamente los nombres de los grupos que contienen nombres de grupos virtuales tales como "All", "Known", o "Trusted", lo que permite ser tratados como miembros del grupo no-virtual a usuarios remotos autenticados que pertenezcan a un grupo virtual. • http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16 http://moinmo.in/SecurityFixes http://secunia.com/advisories/50474 http://secunia.com/advisories/50496 http://secunia.com/advisories/50885 http://www.debian.org/security/2012/dsa-2538 http://www.openwall.com/lists/oss-security/2012/09/04/4 http://www.openwall.com/lists/oss-security/2012/09/05/2 http://www.ubuntu.com/usn/USN-1604-1 • CWE-264: Permissions, Privileges, and Access Controls •