Info

Last Modified

7 months ago

Percent Complete

15%

Disclosure

Nov 13, 2004

Discovery

Nov 12, 2004

Dates

Exploit

Oct 01, 2004

Solution

Unknown

This Entry needs help! It is only 15% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.

Classification

Location: Remote/Network Access Required
Disclosure: Discovered in the Wild
OSVDB: Web Related

Products

Unknown or Incomplete

References

Security Tracker: 1012223
Secunia Advisory ID: 13190 13296
ISS X-Force ID: 18062
CVE ID: 2004-1037 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0262.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0445.html
http://archives.neohapsis.com/archives/vulndiscuss/2004-q4/0012.html
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200411-33.xml
Vendor URL: http://twiki.org/
Vendor Specific Advisory URL: http://www.twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch
CIAC Advisory: p-039

Tools & Filters

Nessus	15815 15827

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches