[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-6495Date: (C)2013-01-07   (M)2023-12-22


Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 6.8
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-51696
DSA-2593
USN-1680-1
http://www.openwall.com/lists/oss-security/2012/12/29/6
http://www.openwall.com/lists/oss-security/2012/12/30/4
http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
http://moinmo.in/MoinMoinRelease1.9
http://moinmo.in/SecurityFixes
https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599

CPE    79
cpe:/a:moinmo:moinmoin:1.5.0:rc1
cpe:/a:moinmo:moinmoin:0.8
cpe:/a:moinmo:moinmoin:0.7
cpe:/a:moinmo:moinmoin:0.9
...
CWE    1
CWE-22
OVAL    3
oval:org.secpod.oval:def:104487
oval:org.secpod.oval:def:104512
oval:org.secpod.oval:def:104508

© SecPod Technologies