Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for program_generation_language by webwork
CVE-2006-6629 (GCVE-0-2006-6629)
Vulnerability from nvd – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
VLAI?
Summary
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2006-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21614"
},
{
"name": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1",
"refsource": "CONFIRM",
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6629",
"datePublished": "2006-12-18T11:00:00.000Z",
"dateReserved": "2006-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:33:59.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6629 (GCVE-0-2006-6629)
Vulnerability from cvelistv5 – Published: 2006-12-18 11:00 – Updated: 2024-08-07 20:33
VLAI?
Summary
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2006-12-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21614",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21614",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21614"
},
{
"name": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1",
"refsource": "CONFIRM",
"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1"
},
{
"name": "ADV-2006-5026",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6629",
"datePublished": "2006-12-18T11:00:00.000Z",
"dateReserved": "2006-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:33:59.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}