Zero-day Vulnerability Database


Zero-day vulnerabilities discovered: 1

Arbitrary file upload in MoinMoin
CVE-2012-6081

Arbitrary file upload

The vulnerability allows a remote authenticated attacker to compromise the system.

The weakness exists due to insufficient validation of the filename extension when uploading files via the twikidraw (action/twikidraw.py) and anywikidraw (action/anywikidraw.py) actions. A remote authenticated attacker with write permissions can upload and execute an arbitrary file with an executable extension.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was exploited to compromise Debian's wiki and the Python documentation website in December 2012. The exploitation method used is based on an exploit from Pastebin.

Software: MoinMoin
