cpe:/a:twiki:twiki:4.0 cpe:/a:twiki:twiki:4.0.0 cpe:/a:twiki:twiki:4.0.1 cpe:/a:twiki:twiki:4.0.2 cpe:/a:twiki:twiki:4.0.3 cpe:/a:twiki:twiki:4.0.4 cpe:/a:twiki:twiki:4.0.5 cpe:/a:twiki:twiki:4.1.0 cpe:/a:twiki:twiki:4.1.1 cpe:/a:twiki:twiki:4.1.2 cpe:/a:twiki:twiki:4.2.0 cpe:/a:twiki:twiki:4.2.1 cpe:/a:twiki:twiki:4.2.2 CVE-2008-3195 2008-09-18T11:04:27.233-04:00 2017-09-28T21:31:34.477-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-09-18T12:41:00.000-04:00 ALLOWS_OTHER_ACCESS SECUNIA 31849 SECUNIA 31964 SREASON 4265 EXPLOIT-DB 6269 VUPEN ADV-2008-2586 CERT-VN VU#362012 CONFIRM http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195 CONFIRM http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlights CONFIRM http://www.kb.cert.org/vuls/id/RGII-7JEQ7L XF twiki-configure-directory-traversal(45182) XF twiki-configure-image-command-execution(45183) Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.