FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-6080

This CVE name corresponds to:

Entered Topic
2013-01-05 moinmoin -- Multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2012-6080 at cve.mitre.org

Details

Type Candidate
Name CVE-2012-6080
Phase Assigned(20121206)

Description

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.

References

Source Reference
MLIST [oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)
MISC https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599
CONFIRM http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
CONFIRM http://moinmo.in/SecurityFixes
DEBIAN DSA-2593
UBUNTU USN-1680-1
BID 57076
SECUNIA 51663
SECUNIA 51676
SECUNIA 51696

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.