CVE-2012-4404

Related Files

Ubuntu Security Notice USN-1604-1

Posted Oct 11, 2012

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1604-1 - It was discovered that MoinMoin did not properly sanitize certain input, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. It was discovered that MoinMoin incorrectly handled group names that contain virtual group names such as "All", "Known" or "Trusted". This could result in a remote user having incorrect permissions. Various other issues were also addressed.

tags | advisory, remote, vulnerability, xss

systems | linux, ubuntu

advisories | CVE-2011-1058, CVE-2012-4404, CVE-2011-1058, CVE-2012-4404

SHA-256 | 1ce16fbb6c9076312138ad64f4db209f2248fb9791187ad08e0fd105cc3c207a

Download | Favorite | View

Debian Security Advisory 2538-1

Posted Sep 5, 2012

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2538-1 - It was discovered that Moin, a Python clone of WikiWiki, incorrectly evaluates ACLs when virtual groups are involved. This may allow certain users to have additional permissions (privilege escalation) or lack expected permissions.

tags | advisory, python

systems | linux, debian

advisories | CVE-2012-4404

SHA-256 | b49bdde2d2c3682af30f6bcd08ac545749987d366c9d780dfe603a1a686302ef

Download | Favorite | View