CVE-2012-6330

Published: 04/01/2013 Updated: 28/11/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The localization functionality in TWiki prior to 5.1.3, and Foswiki 1.0.x up to and including 1.0.10 and 1.1.x up to and including 1.1.6, allows remote malicious users to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.

Vulnerable Product

twiki twiki 5.1.0

twiki twiki 5.1.1

twiki twiki

foswiki foswiki 1.0.2

foswiki foswiki 1.0.3

foswiki foswiki 1.1.0

foswiki foswiki 1.0.4

foswiki foswiki 1.0.10

foswiki foswiki 1.1.5

foswiki foswiki 1.0.1

foswiki foswiki 1.1.2

foswiki foswiki 1.1.1

foswiki foswiki 1.0.0

foswiki foswiki 1.1.6

foswiki foswiki 1.1.4

foswiki foswiki 1.1.3

Exploits

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# metasploit.com/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit ...
This Metasploit module exploits a vulnerability in the MAKETEXT Foswiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since the input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. Only Foswi ...