Bug#389267: CVE-2006-4294: Directory traversal vulnerability in TWiki

Stefan Fritsch Sun, 24 Sep 2006 14:03:41 -0700

Package: twiki
Severity: grave
Tags: security
Justification: user security hole



A vulnerability has been found in twiki:

Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4
allows remote attackers to read arbitrary files via a .. (dot dot) in the
filename parameter.

I could not find information about version 20040902, so this has to be checked.

See
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#389267: CVE-2006-4294: Directory traversal vulnerability in TWiki

Reply via email to