Lucene search

[email protected]NVD:CVE-2005-2885

HistorySep 14, 2005 - 8:03 p.m.

CVE-2005-2885

2005-09-1420:03:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.013

Percentile

86.0%

JSON

The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files.

Affected configurations

Nvd

Node

maxdevmd-proMatch1.0.73

VendorProductVersionCPE
maxdevmd-pro1.0.73cpe:2.3:a:maxdev:md-pro:1.0.73:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
maxdev	md-pro	1.0.73	cpe:2.3:a:maxdev:md-pro:1.0.73:::::::*

References

marc.info/?l=bugtraq&m=112603835317458&w=2

secunia.com/advisories/16731/

www.securityfocus.com/bid/14750

exchange.xforce.ibmcloud.com/vulnerabilities/22199

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.013

Percentile

86.0%

JSON

Related for NVD:CVE-2005-2885

cvelist1 exploitdb1 cve1