[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250039

 
 

909

 
 

195882

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-6081Date: (C)2013-01-07   (M)2023-12-22


Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 6.8
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
EXPLOIT-DB-25304
SECUNIA-51663
SECUNIA-51676
SECUNIA-51696
BID-57082
DSA-2593
USN-1680-1
http://www.openwall.com/lists/oss-security/2012/12/29/6
http://www.openwall.com/lists/oss-security/2012/12/30/4
http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
http://moinmo.in/MoinMoinRelease1.9
http://moinmo.in/SecurityFixes
https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599

CPE    79
cpe:/a:moinmo:moinmoin:1.5.0:rc1
cpe:/a:moinmo:moinmoin:0.8
cpe:/a:moinmo:moinmoin:0.7
cpe:/a:moinmo:moinmoin:0.9
...
OVAL    3
oval:org.secpod.oval:def:104487
oval:org.secpod.oval:def:104512
oval:org.secpod.oval:def:104508

© SecPod Technologies