what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 4 of 4

Files from Peter Thoeny

Twiki Perl Code Execution

Posted Oct 10, 2014

Authored by Peter Thoeny

The debugenableplugins request parameter in Twiki versions 4.x, 5.x, and 6.0.0 allows arbitrary Perl code execution.

tags | exploit, arbitrary, perl, code execution

advisories | CVE-2014-7236

SHA-256 | 7e6bafc3f4e27a15de8ac1ae847247abec86cca045f3b86848aeae7d24f79d02

Download | Favorite | View

Twiki Upload Bypass

Posted Oct 10, 2014

Authored by Peter Thoeny

Twiki versions 4.x, 5.x, and 6.0.0 suffer from a file upload bypass vulnerability.

tags | exploit, bypass, file upload

advisories | CVE-2014-7237

SHA-256 | e814ba5eee65de4bc58fee28adad2d2fa3cac065ea836323e7b984104a372fa8

Download | Favorite | View

TWiki 5.1.3 Command Execution

Posted Feb 18, 2013

Authored by Peter Thoeny

The %MAKETEXT{}% TWiki variable allows arbitrary shell command execution using tilde (~) characters. Only TWiki server with localization enabled are affected. Versions 5.1.0 through 5.1.3 suffer from this issue.

tags | advisory, arbitrary, shell

advisories | CVE-2012-6329, CVE-2013-1751

SHA-256 | 69ce1acdadc0b5a8985e3a80c2665154f577c3e6ce713f2e81c2207d4226efd5

Download | Favorite | View

twiki.txt

Posted Nov 13, 2004

Authored by Florian Weimer, Markus Goetz, Joerg Hoh, Michael Holzt, Florian Laws, Hans Ulrich Niedermann, Andreas Thienemann, Peter Thoeny

Remote attackers are able to execute arbitrary commands in the context of the TWiki process for TWiki versions 20030201 and possibly in other versions as well. This flaw is due to a lack of proper sanitization of user input.

tags | advisory, remote, arbitrary

SHA-256 | ac52112bc5ecb5d1c0b1b78be42869a3a5320137a2621f2fc66722fa6a94c04c

Download | Favorite | View