This Metasploit module exploits a vulnerability in the MAKETEXT Foswiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since the input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. Only Foswiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set) are vulnerable. If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the FoswikiPage option isn't provided, the module will try to create a random page on the SandBox space. The modules has been tested successfully on Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware image.
1dfa323fc74f3423aec71ecc1cde0b04c26eea7a42d6702fc3d9df74654857c2This Metasploit module exploits a vulnerability in the MAKETEXT Twiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since user input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. This works in TWiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set). If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the 'TwikiPage' option isn't provided, the module will try to create a random page on the SandBox space. The modules has been tested successfully on TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.
6a462fdc51b0c493b941a326fd05e71eb12bf8bedb39c652d6c549a65bf5b2d5C-Panel suffers from a reflective cross site scripting vulnerability in manage.html.
d82a4bc494fbe2f073497ffcfd9405e156889169ee06e1d1c9ea615a5598b3c9Secunia Security Advisory - Some vulnerabilities have been reported in Tiki Wiki CMS/Groupware, which can be exploited by malicious people to compromise a vulnerable system.
b2c79e5cf5a9d838369f47aaeaa7b2ad77a68986fbe03aceee804e04496310baSecunia Security Advisory - A vulnerability has been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system.
9616311d91cbd52947ff5dfa42ee0970d8dbaedee6f97243a31819a863cacd97Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli NetView for z/OS, which can be exploited by malicious, local users to gain escalated privileges.
59118a91ac9a5847a848c0ccceea95aafc19ee87af73a49bbb5dcbbdc6ab16cbSecunia Security Advisory - Some vulnerabilities have been reported in Novell eDirectory, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
8d9bb0be2cfd4dd1b9bf45263f2ce02b3f71c0f2923ac5665d98554d51cff838Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM Rational System Architect, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
7df09a8bea53555300130ab721be537db6169e06b3de8937740c6719dc574850Secunia Security Advisory - High-Tech Bridge has discovered a vulnerability in FireFly Media Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
a2b6f1d03eb5d6a9dee6d2135df4c253c1be2997d71f43f3b5ac20eb3ec5eaf9Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM Rational Method Composer, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS, and compromise a vulnerable system.
f0a23127e6397ec081378cb939d565362e7df8e5de65fcfc384c3fa908d3f519
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed