ID CVE-2006-6994 Type cve Reporter cve@mitre.org Modified 2017-07-29T01:29:00
Description
Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.
{"securityvulns": [{"lastseen": "2018-08-31T11:09:21", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "modified": "2006-05-09T00:00:00", "published": "2006-05-09T00:00:00", "id": "SECURITYVULNS:VULN:6108", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:6108", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:22", "bulletinFamily": "software", "description": "## Vulnerability Description\nOzzyWork contains a flaw that may allow a malicious user to upload arbitrary files. The issue is caused by improper file extension checks in add.asp. It is possible that the flaw may allow an attacker to upload and execute arbitrary ASP code resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nOzzyWork contains a flaw that may allow a malicious user to upload arbitrary files. The issue is caused by improper file extension checks in add.asp. It is possible that the flaw may allow an attacker to upload and execute arbitrary ASP code resulting in a loss of integrity.\n## References:\nVendor URL: http://www.indirmax.org/program.asp?id=2696\n[Secunia Advisory ID:20049](https://secuniaresearch.flexerasoftware.com/advisories/20049/)\n[Related OSVDB ID: 25426](https://vulners.com/osvdb/OSVDB:25426)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0176.html\nISS X-Force ID: 26365\nFrSIRT Advisory: ADV-2006-1768\n[CVE-2006-6994](https://vulners.com/cve/CVE-2006-6994)\nBugtraq ID: 17946\n", "modified": "2006-05-09T03:47:37", "published": "2006-05-09T03:47:37", "href": "https://vulners.com/osvdb/OSVDB:25427", "id": "OSVDB:25427", "title": "OzzyWork Galeri add.asp Arbitrary File Upload", "type": "osvdb", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}]}