FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-6081

This CVE name corresponds to:

Entered: 2013-01-05
Topic: moinmoin -- Multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2012-6081
Phase: Assigned (20121206)

Description

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.

References

Source Reference
EXPLOIT-DB 25304
MLIST [oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)
MLIST [oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)
MISC https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599
CONFIRM http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
CONFIRM http://moinmo.in/MoinMoinRelease1.9
CONFIRM http://moinmo.in/SecurityFixes
DEBIAN DSA-2593
UBUNTU USN-1680-1
BID 57082
SECUNIA 51663
SECUNIA 51676
SECUNIA 51696