Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Dec 2012 15:11:21 +0100
From: Tilmann Haak <>
Subject: CVE request: MoinMoin Wiki (remote code execution vulnerability)

Hi all,

there is a remote code execution vulnerability in MoinMoin wiki,
versions 1.9.x up to (and including) 1.9.5. The method save in class
AnyWikiDraw (action/ and class TWikiDraw
(action/ do not filter user supplied input correctly, which
leads to a path traversal vulnerability, which can be exploited to
execute arbitrary code with moin's privileges. An exploit was seen in 
the wild.

Details can be found at:

A fix is available at:

Could someone please assign a CVE number?

kind regards,

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.