Search...

CVE-2005-1956

2005-06-12T00:00:00

ID CVE-2005-1956
Type cve
Reporter NVD
Modified 2016-10-17T23:23:38

Description

File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks.

JSON Vulners Source

Initial Source

{"id": "CVE-2005-1956", "bulletinFamily": "NVD", "title": "CVE-2005-1956", "description": "File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks.", "published": "2005-06-12T00:00:00", "modified": "2016-10-17T23:23:38", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1956", "reporter": "NVD", "references": ["http://marc.info/?l=bugtraq&m=111868578006615&w=2"], "cvelist": ["CVE-2005-1956"], "type": "cve", "lastseen": "2017-04-18T15:51:14", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:file_upload_manager:file_upload_manager"], "cvelist": ["CVE-2005-1956"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks.", "edition": 1, "hash": "c223fec1a81f9553b91f59aa4b90973188f2048ef3bdb08af87f99aad5dcec0b", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "0a4e552ef71a1cf262b74c8379c16ad6", "key": "cvelist"}, {"hash": "7f1ef653232e8a0e98a3250f550052d8", "key": "description"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "b5e81c9c55e3c58cb833ffa876bc1bc5", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "96d77b502c96feb3c073f42b5a12cc77", "key": "references"}, {"hash": "bd49de91a7839de1bb1d33f8c37620f5", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "eacf545ec983923f57ed3b816e6dc9c9", "key": "href"}, {"hash": "26429fc5d7ac2c0b0be0b36923b29c54", "key": "cpe"}, {"hash": "06b62062b8b237aa7356de268deb3c59", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1956", "id": "CVE-2005-1956", "lastseen": "2016-09-03T05:32:20", "modified": "2008-09-05T16:50:31", "objectVersion": "1.2", "published": "2005-06-12T00:00:00", "references": ["http://marc.theaimsgroup.com/?l=bugtraq&m=111868578006615&w=2"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-1956", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T05:32:20"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "26429fc5d7ac2c0b0be0b36923b29c54"}, {"key": "cvelist", "hash": "0a4e552ef71a1cf262b74c8379c16ad6"}, {"key": "cvss", "hash": "26769fd423968d45be7383413e2552f1"}, {"key": "description", "hash": "7f1ef653232e8a0e98a3250f550052d8"}, {"key": "href", "hash": "eacf545ec983923f57ed3b816e6dc9c9"}, {"key": "modified", "hash": "5cff8a5dfe955913276ffc8d071c0fde"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "06b62062b8b237aa7356de268deb3c59"}, {"key": "references", "hash": "95815731786edadbe418059c6748d9db"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "bd49de91a7839de1bb1d33f8c37620f5"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "3d5bb26c1bf7e0b2e4254b81b77a3da30076e4e624c35575447bad829b9bda6d", "viewCount": 3, "objectVersion": "1.2", "cpe": ["cpe:/a:file_upload_manager:file_upload_manager"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2017-04-18T15:51:14"}, "vulnersScore": 5.0}}

{"osvdb": [{"lastseen": "2017-04-28T13:20:17", "references": [], "edition": 1, "description": "## Vulnerability Description\nFile Upload Manager contains a flaw that may allow a malicious user to bypass the file extension check. The issue is triggered when multiple tilde characters are submitted from a third-party form to the 'test' variable. It is possible that the flaw may allow the uploading of arbitrary files resulting in the execution of arbitrary code or file disclosure.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nFile Upload Manager contains a flaw that may allow a malicious user to bypass the file extension check. The issue is triggered when multiple tilde characters are submitted from a third-party form to the 'test' variable. It is possible that the flaw may allow the uploading of arbitrary files resulting in the execution of arbitrary code or file disclosure.\n## References:\nVendor URL: http://www.mtnpeak.net/webdev/index.php?pg=php\n[Related OSVDB ID: 20258](https://vulners.com/osvdb/OSVDB:20258)\n[Related OSVDB ID: 17435](https://vulners.com/osvdb/OSVDB:17435)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0116.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0079.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0115.html\n[CVE-2005-1956](https://vulners.com/cve/CVE-2005-1956)\n", "reporter": "Blackshoe(blackshoe@gmail.com)", "published": "2005-06-12T00:50:31", "type": "osvdb", "title": "Adam Mmedici File Upload Manager Arbitrary File Upload", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "File Upload Manager", "version": "Unknown or Unspecified", "operator": "eq"}], "cvelist": ["CVE-2005-1956"], "modified": "2005-06-12T00:50:31", "href": "https://vulners.com/osvdb/OSVDB:20257", "id": "OSVDB:20257", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}