FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

twiki -- multiple vulnerabilities

Affected packages
twiki < 4.2.4,1

Details

VuXML ID f98dea27-d687-11dd-abd1-0050568452ac
Discovery 2008-12-05
Entry 2008-12-30

Marc Schoenefeld and Steve Milner of Red Hat SRT and Peter Allor of IBM ISS report:

XSS vulnerability with URLPARAM variable

SEARCH variable allows arbitrary shell command execution

References

Bugtraq ID 32668
Bugtraq ID 32669
CVE Name CVE-2008-5304
CVE Name CVE-2008-5305
URL http://secunia.com/advisories/33040
URL http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304
URL http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305
URL http://www.securitytracker.com/alerts/2008/Dec/1021351.html
URL http://www.securitytracker.com/alerts/2008/Dec/1021352.html
URL http://xforce.iss.net/xforce/xfdb/45293
URL https://www.it-isac.org/postings/cyber/alertdetail.php?id=4513