FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

twiki -- multiple vulnerabilities

Affected packages
		twiki	<	4.2.4,1

Details

VuXML ID	f98dea27-d687-11dd-abd1-0050568452ac
Discovery	2008-12-05
Entry	2008-12-30

Marc Schoenefeld and Steve Milner of RedHat SRT and Peter Allor of IBM ISS report:

XSS vulnerability with URLPARAM variable

SEARCH variable allows arbitrary shell command execution

[source]

References

Bugtraq ID	32668
Bugtraq ID	32669
CVE Name	CVE-2008-5304
CVE Name	CVE-2008-5305
URL	http://secunia.com/advisories/33040
URL	http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304
URL	http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305
URL	http://www.securitytracker.com/alerts/2008/Dec/1021351.html
URL	http://www.securitytracker.com/alerts/2008/Dec/1021352.html
URL	http://xforce.iss.net/xforce/xfdb/45293
URL	https://www.it-isac.org/postings/cyber/alertdetail.php?id=4513

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.