Date: Sat, 29 Dec 2012 15:11:21 +0100 From: Tilmann Haak <tilmann@...pwiki.de> To: oss-security@...ts.openwall.com Subject: CVE request: MoinMoin Wiki (remote code execution vulnerability) Hi all, there is a remote code execution vulnerability in MoinMoin wiki, versions 1.9.x up to (and including) 1.9.5. The method save in class AnyWikiDraw (action/anywikidraw.py) and class TWikiDraw (action/twikidraw.py) do not filter user supplied input correctly, which leads to a path traversal vulnerability, which can be exploited to execute arbitrary code with moin's privileges. An exploit was seen in the wild. Details can be found at: http://moinmo.in/SecurityFixes A fix is available at: http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f Could someone please assign a CVE number? kind regards, Tilmann
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.