Search
Find a vulnerability
Search criteria
2 vulnerabilities found for program_generation_language by webwork
CVE-2006-6629 (GCVE-0-2006-6629)
Vulnerability from nvd – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
VLAI
Summary
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/21614 | vdb-entryx_refsource_BID |
| http://devel.webwork.rochester.edu/twiki/bin/view… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/5026 | vdb-entryx_refsource_VUPEN |
Date Public
2006-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21614"
},
{
"name": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1",
"refsource": "CONFIRM",
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6629",
"datePublished": "2006-12-18T11:00:00.000Z",
"dateReserved": "2006-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:33:59.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6629 (GCVE-0-2006-6629)
Vulnerability from cvelistv5 – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
VLAI
Summary
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/21614 | vdb-entryx_refsource_BID |
| http://devel.webwork.rochester.edu/twiki/bin/view… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2006/5026 | vdb-entryx_refsource_VUPEN |
Date Public
2006-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21614"
},
{
"name": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1",
"refsource": "CONFIRM",
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6629",
"datePublished": "2006-12-18T11:00:00.000Z",
"dateReserved": "2006-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:33:59.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}