Published: 03/01/2013 Updated: 03/01/2013

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 up to and including 1.9.5 allows remote malicious users to overwrite arbitrary files via a .. (dot dot) in a file name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moinmo moinmoin 1.9.3
moinmo moinmoin 1.9.4
moinmo moinmoin 1.9.5

Debian Bug report logs - #696949 [CVE-2012-6080] moin: path traversal vulnerability Package: moin; Maintainer for moin is Steve McIntyre <93sam@debianorg>; Reported by: Henri Salo <henri@nervfi> Date: Sat, 29 Dec 2012 19:27:05 UTC Severity: important Tags: security Found in version 195-2 Fixed in version 195-4 ...

It was discovered that missing input validation in the twikidraw and anywikidraw actions can result in the execution of arbitrary code This security issue is being actively exploited This update also addresses path traversal in AttachFile For the stable distribution (squeeze), this problem has been fixed in version 193-1+squeeze4 For the unst ...

CWE-22 http://secunia.com/advisories/51663 http://secunia.com/advisories/51696 http://www.openwall.com/lists/oss-security/2012/12/30/6 http://www.securityfocus.com/bid/57076 http://moinmo.in/SecurityFixes http://www.debian.org/security/2012/dsa-2593 http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52 https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599 http://secunia.com/advisories/51676 http://ubuntu.com/usn/usn-1680-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696949 https://nvd.nist.gov https://www.debian.org/security/./dsa-2593

CVE-2012-6080

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect