Full Disclosure mailing list archives

Re: TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins

From: Michael Stroucken <mxs () cmu edu>
Date: Thu, 09 Oct 2014 16:30:53 -0400

On 09.10.14 10:26, Peter Thoeny wrote:

This is an advisory for TWiki administrators: The debugenableplugins request parameter allows arbitrary Perl code 
execution.

I was a little bit worried about my Foswiki install, but it looks like
it has been untainting this parameter since Sun Dec 21 19:48:21 2008.

Greetings,
Michael.


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins Peter Thoeny (Oct 09)
- Re: TWiki Security Alert CVE-2014-7236: Remote Perl code execution with query string to debug TWiki plugins Michael Stroucken (Oct 09)