
Test ID: 1.3.6.1.4.1.25623.1.0.803445
Category: Web application abuses
Title: MoinMoin Multiple Vulnerabilities
Summary: MoinMoin is prone to multiple vulnerabilities.
Description:
Summary:
MoinMoin is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws due to:

- Certain input when handling the AttachFile action is not properly verified
before being used to write files.

- The application allows the upload of files with arbitrary extensions to a
folder inside the webroot when handling the twikidraw or anywikidraw
actions.

- Input passed via page name in rss link is not properly sanitised before
being displayed to the user.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary
HTML or web script in a user's browser session in the context of an affected
site, upload malicious script and overwrite arbitrary files via directory
traversal sequences.

Affected Software/OS:
MoinMoin version 1.9.x prior to 1.9.6.

Solution:
Update to MoinMoin 1.9.6 or later.

CVSS Score:
6.4

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:P

Cross-Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2012-6080
51663
http://secunia.com/advisories/51663
51676
http://secunia.com/advisories/51676
51696
http://secunia.com/advisories/51696
57076
http://www.securityfocus.com/bid/57076
DSA-2593
http://www.debian.org/security/2012/dsa-2593
USN-1680-1
http://ubuntu.com/usn/usn-1680-1
[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)
http://www.openwall.com/lists/oss-security/2012/12/30/6
http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
http://moinmo.in/SecurityFixes
https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599
Common Vulnerability Exposure (CVE) ID: CVE-2012-6081
25304
http://www.exploit-db.com/exploits/25304
57082
http://www.securityfocus.com/bid/57082
[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)
http://www.openwall.com/lists/oss-security/2012/12/29/6
[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)
http://www.openwall.com/lists/oss-security/2012/12/30/4
http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
http://moinmo.in/MoinMoinRelease1.9
Common Vulnerability Exposure (CVE) ID: CVE-2012-6082
57089
http://www.securityfocus.com/bid/57089
[oss-security] 20121229 CVE request: MoinMoin Wiki (XSS in rss link)
http://www.openwall.com/lists/oss-security/2012/12/29/7
[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (XSS in rss link)
http://www.openwall.com/lists/oss-security/2012/12/30/5
http://hg.moinmo.in/moin/1.9/rev/c98ec456e493
Common Vulnerability Exposure (CVE) ID: CVE-2012-6495
Debian Security Information: DSA-2593
Copyright: Copyright (C) 2013 Greenbone AG
