Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 6 Jun 2009 13:48:13 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: dokuwiki


======================================================
Name: CVE-2009-1960
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1960
Reference: MILW0RM:8781
Reference: URL:http://www.milw0rm.com/exploits/8781
Reference: MILW0RM:8812
Reference: URL:http://www.milw0rm.com/exploits/8812
Reference: CONFIRM:http://bugs.splitbrain.org/index.php?do=details&task_id=1700
Reference: SECUNIA:35218
Reference: URL:http://secunia.com/advisories/35218

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30,
when register_globals is enabled, allows remote attackers to include
and execute arbitrary local files via the
config_cascade[main][default][] parameter to doku.php.  NOTE: PHP
remote file inclusion is also possible in PHP 5 using ftp:// URLs.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.