lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat Jan 28 20:06:49 2006 From: ascii at katamail.com (ascii) Subject: PmWiki Multiple Vulnerabilities PmWiki Multiple Vulnerabilities Name Multiple Vulnerabilities in PmWiki Systems Affected PmWiki (verified on 2.1 beta 20) Severity Medium Risk Vendor www.pmichaud.com/wiki/PmWiki/PmWiki Advisory http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/ Author Francesco "aScii" Ongaro (ascii at katamail . com) Date 20060119 NOTE: This work only with REGISTER_GLOBALS ON on many versions of PHP5 (tested on 5.0.5, 5.1.1, 5.1.2). This vulnerability defeat PmWiki global sanitizing code and allow remote arbitrary file inclusion. Advisory released on 20060128: PmWiki Multiple Vulnerabilities http://www.ush.it/2006/01/24/pmwiki-multiple-vulnerabilities/