Get our new Windows 7 eBook (PDF) for $7 with 70+ Tips. Download Now!

TWiki ImageGalleryPlugin Shell Command Injection

Monday, February 28th, 2005
by Marc Erickson

No Related Post

“Secunia Advisory: SA14384

Critical: Moderately critical

Impact: System access

Where: From remote

Solution Status: Unpatched

Software: ImageGalleryPlugin 1.x (TWiki plugin)

Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

CVE reference: CAN-2005-0516

Description:
Florian Weimer has reported a vulnerability in the TWiki Image Gallery plugin, which can be exploited by malicious users to compromise a vulnerable system.

The problem is that some configuration options used in ImageMagick commands can be manipulated. This can be exploited to inject arbitrary shell commands.

Successful exploitation requires that a user can create or edit image galleries.

Solution:
Edit the source code to ensure that input is properly sanitised”

Full article: Secunia Advisory: SA14384

Tags

Categories

Technology

What Do You Think?

Posted Recently

Shifting Blame Is Socially Contagious

Sustainable Food Production Isn’t So Sustainable

Developing ‘Green’ Tires That Boost Mileage And Cut Carbon Dioxide Emissions

Researchers Create ‘Fly Paper’ To Capture Circulating Cancer Cells

UCLA Study Shows Brain’s Ability To Reorganize

New Research Helps Explain Why Bird Flu Has Not Caused A Pandemic

Better Way To Harness Waste Heat

Five Exercises Can Reduce Neck, Shoulder Pain Of Women Office Workers

UT’s Kraken Named World’s Third Fastest Computer, ORNL’s Jaguar Is #1

Tiny Bubbles Clean Oil From Water

Warmer Means Windier On World’s Biggest Lake

Researchers Find Potential Treatment For Huntington’s Disease

Transcendental Meditation Helped Heart Disease Patients Lower Cardiac Disease Risks By 50%

Record Highs Far Outpace Record Lows Across US

Mystery Contemplated By Charles Darwin Solved

Study Offers Tips On Taming The Boogie Monster

Sponges Recycle Carbon To Give Life To Coral Reefs

Pushing Light Beyond Its Known Limits

Researchers Turn Algae Into High-Temperature Hydrogen Source

To Make Memories, New Neurons Must Erase Older Ones

Faulty Body Clock May Make Kids Bipolar

Energy-Saving Powder

Drug Industry, Nonprofits Join Forces To Fight World’s Neglected Diseases

Ice Cream Researchers Making Sweet Strides With ‘Functional Foods’

Remains Of Minoan-Style Painting Discovered During Excavations Of Canaanite Palace

Improvements Proposed For Electronic Voting By Internet

Rutgers Computer Scientists Work To Strengthen Online Security

Yoga Boosts Heart Health

Darwin Meets Facebook

Researchers Find New Way To Spot Fraud

1930s Drug Slows Tumor Growth

Past Climate Of Antarctica Informs Global Warming Debate

58% Of U.S. Doctors Report Patients Have Difficulty Paying

Atlanta’s Fernbank Museum Tracks Infamous Conquistador Through Southeast

Oral Contraceptives May Benefit Women With Asthma

New Evidence Supports 19th Century Idea On Formation Of Oil And Gas

Internet Search Process Affects Cognition, Emotion

Quantum Gas Microscope Offers Glimpse Of Quirky Ultracold Atoms

‘The Eyes Have It’ For ID Verification

Research Leads To Improved Human, Object Detection Technology

35 queries / 0.525 seconds.