Page 3 of 14 results (0.002 seconds)

CVSS: 10.0EPSS: 5%CPEs: 13EXPL: 1

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. Vulnerabilidad de inyección "eval" en TWiki y versiones anteriores a 4.2.4 que permite a los atacantes remotos ejecutar arbitrariamente código Perl a través de la variable %SEARCH{}%. • https://www.exploit-db.com/exploits/32645 http://secunia.com/advisories/33040 http://securitytracker.com/id?1021352 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305 http://www.securityfocus.com/bid/32668 http://www.vupen.com/english/advisories/2008/3381 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.8EPSS: 12%CPEs: 13EXPL: 2

Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors. Vulnerabilidad de salto de directorio en bin/configure en TWiki anterior a v4.2.3, cuando algún paso en el asistente de instalación es omitido, permite a atacantes remotos leer ficheros de su elección a través de una cadena de consulta que contiene ..(punto punto) en la variable "image", y ejecutar archivos de su elección a través de vectores no especificados. • https://www.exploit-db.com/exploits/6269 https://www.exploit-db.com/exploits/6509 http://secunia.com/advisories/31849 http://secunia.com/advisories/31964 http://securityreason.com/securityalert/4265 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195 http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlights http://www.kb.cert.org/vuls/id/362012 http://www.kb.cert.org/vuls/id/RGII-7JEQ7L http://www.vupen.com/english/advisories/2008 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.0EPSS: 0%CPEs: 13EXPL: 1

TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. Vulnerabilidad en TWiki desde la versión del 01-Dic-2000 hasta la versión v4.0.3 que permite a atacantes remotos saltarse el "upload filter" (filtro o control de subida) y ejecutar código de su elección a traves de nombres de ficheros con dos extensiones como ".php.en", ".php.1" y otras extensiones disponibles que no son .txt. NOTA: para que se produzca esta vulnerabilidad el servidor debe permiter la ejecución de scripts en un directorio público. • http://secunia.com/advisories/20992 http://securitytracker.com/id?1016458 http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads http://www.securityfocus.com/bid/18854 http://www.vupen.com/english/advisories/2006/2677 •

CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0

TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself. • http://secunia.com/advisories/19410 http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude http://www.securityfocus.com/bid/17267 http://www.vupen.com/english/advisories/2006/1116 https://exchange.xforce.ibmcloud.com/vulnerabilities/25445 •