CVSS: 9.8EPSS: 1%CPEs: 13EXPL: 1CVE-2006-3336
https://notcve.org/view.php?id=CVE-2006-3336
05 Jul 2006 — TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. Vulnerabilidad en TWiki desde la versión del 01-Dic-2000 hasta la versión v4.0.3 que permite a atacantes remotos saltarse el "upload filter" (filtro o control de subida) y ejecutar código de s... • http://secunia.com/advisories/20992 •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2006-1387
https://notcve.org/view.php?id=CVE-2006-1387
26 Mar 2006 — TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself. • http://secunia.com/advisories/19410 •