FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-1037

This CVE name corresponds to:

Entered     Topic
2004-11-15  twiki -- arbitrary shell command execution

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2004-1037
Phase  Assigned (20041116)

Description

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.

References

Source     Reference
BUGTRAQ    20041112 TWiki search function allows arbitrary shell command execution
FULLDISC   20041116 Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution
CONFIRM    http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch
CONECTIVA  CLA-2005:918
GENTOO     GLSA-200411-33
CIAC       P-039
BID        11674
XF         twik-search-command-execution(18062)