Lucene search

[email protected]NVD:CVE-2011-0678

HistoryJan 28, 2011 - 9:00 p.m.

CVE-2011-0678

2011-01-2821:00:30

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.285

Percentile

96.9%

JSON

Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.

Affected configurations

Nvd

Node

lomtecactivewebMatch3.0professional

VendorProductVersionCPE
lomtecactiveweb3.0cpe:2.3:a:lomtec:activeweb:3.0:*:professional:*:*:*:*:*

Vendor	Product	Version	CPE
lomtec	activeweb	3.0	cpe:2.3:a:lomtec:activeweb:3.0::professional:::::

References

osvdb.org/70669

secunia.com/advisories/43031

www.exploitdevelopment.com/Vulnerabilities/2010-WEB-002.html

www.kb.cert.org/vuls/id/528212

www.securityfocus.com/bid/45985

www.vupen.com/english/advisories/2011/0217

exchange.xforce.ibmcloud.com/vulnerabilities/65013

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.285

Percentile

96.9%

JSON

Related for NVD:CVE-2011-0678

cvelist1 prion1 cve1 exploitdb1