[SA20596] TWiki Registration Account Override Vulnerability

Les derniers commentaires publiés sur SecuObs (1-5):

- ESRT @JGamblin @threatpost - Hackers say they will definitely break into an A - ESRT @hdmoore @iagox86 - Weaponizing dnscat - first version of dnscat shellco - iWep PRO 1.1.3 Released - FireCAT v1.6.2 updated with Framework Detector - ESRT @opexxx - FireCAT v1.6.2 updated with BackendInfo Les derniers commentaires publiés sur SecuObs (6-25) Tous les commentaires publiés sur SecuObs avant les 5 derniers

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA20596] TWiki Registration Account Override Vulnerability

Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports.

link://[click]

TITLE: TWiki Registration Account Override Vulnerability

SECUNIA ADVISORY ID: SA20596

VERIFY ADVISORY: link://[click]

CRITICAL: Moderately critical

IMPACT: Security Bypass, Privilege escalation

WHERE: From remote SOFTWARE: TWiki link://[click]

DESCRIPTION: A vulnerability has been reported in TWiki, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error in the registration process. This can be exploited to register as an already registered user by changing the action attribute of the form element to the Sandbox web.

Successful exploitation allows a malicious person to gain the privileges of an already registered user (e.g. a user with TWikiAdminGroup privileges), but requires that the "MapUserToWikiName" setting is enabled.

The vulnerability has been reported in the following releases: * TWikiRelease04x00x02 * TWikiRelease04x00x01 * TWikiRelease04x00x00 SOLUTION: Apply patch (see original advisory).

PROVIDED AND/OR DISCOVERED BY: The vendor credits Harald Jörg.

ORIGINAL ADVISORY: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA20750] Debian update for horde2
Suivant par Date: [SA20745] Mambo "Name" SQL Injection Vulnerability
Precedent par fil : [SA20750] Debian update for horde2
Suivant par fil : [SA20745] Mambo "Name" SQL Injection Vulnerability
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires publiés sur SecuObs (6-25):

- sipwitch 0.7.4 - Oracle XDB FTP service UNLOCK buffer overflow exploit that spawns a reverse s - XSSploit XSS scanner multiplatfom v0.5 available - Network forensics in IRB xtractr Ruby gem - GreenPois0n Possible Jailbreak Software for iPad OS 32 - Blazing fast password recovery with new ATI cards - ESRT @wireheadlance - How to secure a Cisco router - Device Fingerprinting to Fight Real-time Transaction Fraud - Penetrating Intranets through Adobe Flex Applications - Updated the OWASP Fuzzing Code Database - ESRT @jcran - how to convert a NASL check to a NeXpose check - The New Disclosure Debate and the Evil Mr. Moore - Charlie Miller Will Expose 20 Hackable Apple Security Flaws - Digital Forensics Framework v0.5 released - OSSIM v2.2 Multiple Vulnerabilities - Virtual PC Hypervisor Memory Protection Vulnerability - Virtual machines being used to obfuscate malware - Implement the SSH-2 protocol in pure Java - Video : ESRT @securityshell - Nessus Scan through a Meterpreter Session - ESRT @Jhaddix Man-Just-Left-of-Middle MJLM XSS Phishing Attack Tool Les cinq derniers commentaires publiés sur SecuObs Tous les commentaires publiés sur SecuObs avant les 25 derniers

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, exploit, windows, microsoft, réseau, attaque, outil, vulnérabilité, audit, système, virus, internet, données, présentation, metasploit, linux, bluetooth, protocol, vista, scanner, réseaux, shell, engineering, rootkit, paquet, conférence, trames, wishmaster, téléphone, source, sysun, noyau, mobile, https, mémoire, rapport, botnet, téléphones, libre, reverse, navigateur, patch, snort, scapy, intel + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA38986 Red Hat update for cpio - SA38936 Red Hat update for cpio - SA39002 Fedora update for viewvc - SA38923 Red Hat update for cpio - SA38997 Web Wiz Forums Cross-Site Request Forgery + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Claude Mercier/CLSC-CHSLD BVLV/Reg03/SSSS est absent(e). - Re: Full-disclosure SecurityFocus to partially shut down - Full-disclosure Wordpad Command line argument vulnerability is it known ? - Full-disclosure Decrypting MPPE / PPTP network traffic - Full-disclosure USN-914-1 Linux kernel vulnerabilities + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- Miranda IM silent TLS failure - Vulnerabilities in VXDate for Joomla - CORELAN-10-13 - Windisc Local Stack BOF - security bulletin HPSBGN02511 SSRT100022 rev.2 - HP Small Form Factor or Microtower PC with Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code - CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability - CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

vmware, security, virus, biometric, windows, lockpicking, password, botnet, metasploit, tutorial, attack, crypt, linux, network, iphone, server, exploit, conficker, wimax, virtu, virtual, engineering, cisco, reverse, shmoocon, ettercap, wireshark, hacker, firewall, internet, knoppix, rootkit, arduino, wireless, source, conference, backtrack, brucon, openbsd, systm, overflow, openssh, buffer, access, remote + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter