lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <87fz3a1atv.fsf@deneb.enyo.de> Date: Tue, 16 Nov 2004 09:01:48 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com, vulnwatch@...nwatch.org Subject: Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution * Hans Ulrich Niedermann: > DETAILS > > The TWiki search function uses a user supplied search string to > compose a command line executed by the Perl backtick (``) operator. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1037 to this issue.
Powered by blists - more mailing lists