CVE-2008-0782 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-0782
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-0782

Description: Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/39837 VIM http://www.attrition.org/pipermail/vim/2008-January/001890.html UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-716-1 SAID Secunia Advisory: SA29010 Secunia Advisory: SA29262 Secunia Advisory: SA29444 Secunia Advisory: SA33755 MILW0RM http://www.milw0rm.com/exploits/4957 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml DEBIAN http://www.debian.org/security/2008/dsa-1514 CONFIRM http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630 BID 27404

Return to the previous page.