exploit the possibilities
Showing 1 - 19 of 19 RSS Feed

Files

TWiki 5.1.2 Command Execution
Posted Dec 15, 2012
Authored by George Clark

TWiki versions 4.x and 5.1.0 through 5.1.2 suffers from a remote command execution vulnerability due to an underlying security issue in the Locale::Maketext CPAN module.

tags | exploit, remote
advisories | CVE-2012-6329
MD5 | 41ae99948927228a4790959c26fb1e74

Related Files

TWiki 6.0.2 Cross Site Scripting
Posted Jan 7, 2019
Authored by Jiawang Zhang

TWiki version 6.0.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20212
MD5 | 77329b23c07ccc26bedc1f9dc7da39ad
TWiki Debugenableplugins Remote Code Execution
Posted Mar 19, 2015
Authored by h0ng10, Netanel Rubin | Site metasploit.com

TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution.

tags | exploit, remote, perl, code execution
advisories | CVE-2014-7236
MD5 | 861350151f1243072a1bf5d32e992c39
TWiki 6.0.0 / 6.0.1 WebSearch Cross Site Scripting
Posted Dec 19, 2014
Authored by Onur YILMAZ, Robert Abela

TWiki versions 6.0.0 and 6.0.1 suffer from a WebSearch cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-9367
MD5 | 94c99111a703f4301e325ed92cb187d1
TWiki 6.0.1 QUERYSTRING / QUERYPARAMSTRING XSS
Posted Dec 19, 2014
Authored by Onur YILMAZ, Robert Abela

TWiki version 6.0.1 suffers from a cross site scripting vulnerability in the QUERYSTRING and QUERYPARAMSTRING variables.

tags | exploit, xss
advisories | CVE-2014-9325
MD5 | 3e774743eeb601f94f3ae5f94322e02e
Twiki Perl Code Execution
Posted Oct 10, 2014
Authored by Peter Thoeny

The debugenableplugins request parameter in Twiki versions 4.x, 5.x, and 6.0.0 allows arbitrary Perl code execution.

tags | exploit, arbitrary, perl, code execution
advisories | CVE-2014-7236
MD5 | f6bd86cf1ce91b013111856c03894bcf
Twiki Upload Bypass
Posted Oct 10, 2014
Authored by Peter Thoeny

Twiki versions 4.x, 5.x, and 6.0.0 suffer from a file upload bypass vulnerability.

tags | exploit, bypass, file upload
advisories | CVE-2014-7237
MD5 | dceceb045eb6c46fa6ac570dc8bde33c
TWiki 5.1.3 Command Execution
Posted Feb 18, 2013
Authored by Peter Thoeny

The %MAKETEXT{}% TWiki variable allows arbitrary shell command execution using tilde (~) characters. Only TWiki server with localization enabled are affected. Versions 5.1.0 through 5.1.3 suffer from this issue.

tags | advisory, arbitrary, shell
advisories | CVE-2012-6329, CVE-2013-1751
MD5 | efc8aadfd4d11a74cb5430cbbd5a15a6
TWiki MAKETEXT Remote Command Execution
Posted Dec 24, 2012
Authored by juan vazquez, George Clark | Site metasploit.com

This Metasploit module exploits a vulnerability in the MAKETEXT Twiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since user input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. This works in TWiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set). If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the 'TwikiPage' option isn't provided, the module will try to create a random page on the SandBox space. The modules has been tested successfully on TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.

tags | exploit, shell, perl
advisories | CVE-2012-6329, OSVDB-88460
MD5 | 1844d260fae480529a712a37f0ebdf89
TWiki Cross Site Scripting
Posted Jan 31, 2012
Authored by Sony

TWiki suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | dd5aa8c179b2eab2758930be2767f7e8
TWiki Cross Site Scripting
Posted Sep 23, 2011
Authored by Mesut Timur

TWiki versions prior to 5.1.0 suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2011-3010
MD5 | 3f158c74952c5604cd1fa54f04fa5da1
TWiki 5.0.1 Cross Site Scripting
Posted May 18, 2011
Authored by Mesut Timur

TWiki version 5.0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2011-1838
MD5 | 1a360474342164a71c0df7ab9df62b6e
TWiki Search Function Arbitrary Command Execution
Posted Feb 23, 2010
Site metasploit.com

This Metasploit module exploits a vulnerability in the search component of TWiki. By passing a 'search' parameter containing shell metacharacters to the 'WebSearch' script, an attacker can execute arbitrary OS commands.

tags | exploit, arbitrary, shell
advisories | CVE-2004-1037
MD5 | 8a1c0adb616767083eb6ecbd1589827c
TWiki History TWikiUsers rev Parameter Command Execution
Posted Feb 23, 2010
Authored by B4dP4nd4 | Site metasploit.com

This Metasploit module exploits a vulnerability in the history component of TWiki. By passing a 'rev' parameter containing shell metacharacters to the TWikiUsers script, an attacker can execute arbitrary OS commands.

tags | exploit, arbitrary, shell
advisories | CVE-2005-2877
MD5 | 2484d1f845372d8b4a4a3cc3df399f1e
twiki-exec.txt
Posted Sep 22, 2008
Authored by webDEViL

TWiki versions 4.2.2 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 28897e2a05c3f3393a86ef2e20aca504
twiki-disclose.txt
Posted Aug 19, 2008
Authored by Th1nk3r

TWiki version 4.2.0 suffers from a remote file disclosure vulnerability.

tags | exploit, remote, info disclosure
MD5 | 2815940c07c450c4954785902cf1a012
erfurtwiki-lfi.txt
Posted Jun 11, 2008
Authored by unohope | Site chroot.org

ErfurtWiki versions R1.02b and below suffer form a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | bfdc3f962e34280150c26d3fed525cd9
twiki20030201.pl.txt
Posted Nov 8, 2005
Authored by rUnViRuS | Site worlddefacers.net

TWiki 20030201 VIEW string remote command execution exploit.

tags | exploit, remote
MD5 | 704505f7f84b2632546beef86fb51138
twikivuln.txt
Posted Sep 20, 2005
Authored by B4dP4nd4 | Site twiki.org

TWiki up to and including TWikiRelease02Sep2004 is vulnerable to remote command execution in the revision control function. Detailed exploitation provided.

tags | advisory, remote
advisories | CVE-2005-2877
MD5 | 56ab06e013f0307d047c55c5703faa58
twiki.txt
Posted Nov 13, 2004
Authored by Florian Weimer, Markus Goetz, Joerg Hoh, Michael Holzt, Florian Laws, Hans Ulrich Niedermann, Andreas Thienemann, Peter Thoeny

Remote attackers are able to execute arbitrary commands in the context of the TWiki process for TWiki versions 20030201 and possibly in other versions as well. This flaw is due to a lack of proper sanitization of user input.

tags | advisory, remote, arbitrary
MD5 | 85810c3d649c0c62625bec8940fa259f
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    23 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close