{"type": "osvdb", "published": "2005-08-12T12:13:36", "href": "https://vulners.com/osvdb/OSVDB:18771", "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "a0e8aa212ce2ab84b3f169848978ecb7"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "c8117c547d87bc943c8de01f7333eb60"}, {"key": "href", "hash": "14c3229fd78187767826011f01d0f31c"}, {"key": "modified", "hash": "13ce0073060b34388edca73ada46b428"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "13ce0073060b34388edca73ada46b428"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "7564633ec161df2d5f2158177df4920b"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "OSVDB", "title": "Discuz! File Extension Validation Failure Arbitrary Command Execution", "affectedSoftware": [], "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "references": [], "id": "OSVDB:18771", "hash": "1e4164c1e5b6f3ff5e61d1222a59c42d8140d0cf1842b26af6c31a8d3bcb1b86", "lastseen": "2017-04-28T13:20:15", "cvelist": ["CVE-2005-2614"], "modified": "2005-08-12T12:13:36", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.discuz.com/\nSecurity Tracker: 1014673\n[Secunia Advisory ID:16433](https://secuniaresearch.flexerasoftware.com/advisories/16433/)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0440.html\nKeyword: SSA-20050812-27\n[CVE-2005-2614](https://vulners.com/cve/CVE-2005-2614)\n"}

{"cve": [{"lastseen": "2016-09-03T05:43:03", "references": ["http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0440.html", "http://www.securityfocus.com/bid/14564", "http://securitytracker.com/id?1014673"], "description": "Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing \".php.rar\" or other multiple extensions that include .php.", "edition": 1, "reporter": "NVD", "published": "2005-08-17T00:00:00", "title": "CVE-2005-2614", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T05:43:03", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-2614"], "scanner": [], "cpe": ["cpe:/a:crosscom_olicom:discuz:4.0_rc4"], "modified": "2008-09-05T16:52:13", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2614", "id": "CVE-2005-2614", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-01-16T20:06:19", "references": ["https://seclists.org/fulldisclosure/2005/Aug/438"], "pluginID": "19751", "description": "The remote host is using Discuz!, a popular web application forum in\nChina. \n\nAccording to its version, the installation of Discuz! on the remote\nhost fails to properly check for multiple extensions in uploaded\nfiles. An attacker may be able to exploit this issue to execute\narbitrary commands on the remote host subject to the privileges of the\nweb server user id.", "edition": 7, "reporter": "Tenable", "published": "2005-09-19T00:00:00", "title": "Discuz! <= 4.0.0 rc4 Arbitrary File Upload", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2614"], "modified": "2018-11-15T00:00:00", "cpe": [], "id": "DISCUZ_ARBITRARY_FILE_UPLOAD_FLAW.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19751);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/15 20:50:16\");\n\n script_cve_id(\"CVE-2005-2614\");\n script_bugtraq_id(14564);\n \n script_name(english:\"Discuz! <= 4.0.0 rc4 Arbitrary File Upload\");\n script_summary(english:\"Checks Discuz! version\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is affected by\nan arbitrary file upload issue.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is using Discuz!, a popular web application forum in\nChina. \n\nAccording to its version, the installation of Discuz! on the remote\nhost fails to properly check for multiple extensions in uploaded\nfiles. An attacker may be able to exploit this issue to execute\narbitrary commands on the remote host subject to the privileges of the\nweb server user id.\");\n script_set_attribute(attribute:\"see_also\", value:\n\"https://seclists.org/fulldisclosure/2005/Aug/438\");\n script_set_attribute(attribute:\"solution\", value:\"Unknown at this time.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CGI abuses\");\n\n script_dependencie(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nglobal_var port;\n\nport = get_http_port(default:80);\nif ( ! can_host_php(port:port) ) exit(0);\n\nfunction check(loc)\n{\n local_var r, req;\n\n req = http_get(item:string(loc, \"/index.php\"), port:port);\n r = http_keepalive_send_recv(port:port, data:req, bodyonly:1);\n if( isnull(r) )exit(1, \"The web server on port \"+port+\" failed to respond.\");\n if ((\"powered by Discuz!</title>\" >< r) && egrep(pattern:'<meta name=\"description\" content=.+Powered by Discuz! Board ([1-3]|4\\\\.0\\\\.0RC[0-4])', string:r))\n {\n security_warning(port);\n exit(0);\n }\n}\n\nif (thorough_tests) dirs = list_uniq(make_list(\"/discuz\", cgi_dirs()));\nelse dirs = make_list(cgi_dirs());\n\nforeach dir (dirs)\n{\n check(loc:dir);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:05", "references": ["http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0440.html"], "pluginID": "19751", "description": "The remote host is using Discuz!, a popular web application forum in\nChina. \n\nAccording to its version, the installation of Discuz! on the remote host\nfails to properly check for multiple extensions in uploaded files. An\nattacker may be able to exploit this issue to execute arbitrary commands\non the remote host subject to the privileges of the web server user id,\ntypically nobody.", "edition": 1, "reporter": "This script is Copyright (C) 2005 David Maciejak", "published": "2006-03-26T00:00:00", "title": "Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gain a shell remotely", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2614"], "modified": "2017-03-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=19751", "id": "OPENVAS:19751", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: discuz_arbitrary_file_upload_flaw.nasl 5783 2017-03-30 09:03:43Z cfi $\n# Description: Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# Copyright:\n# Copyright (C) 2005 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote host is using Discuz!, a popular web application forum in\nChina. \n\nAccording to its version, the installation of Discuz! on the remote host\nfails to properly check for multiple extensions in uploaded files. An\nattacker may be able to exploit this issue to execute arbitrary commands\non the remote host subject to the privileges of the web server user id,\ntypically nobody.\";\n\ntag_solution = \"Upgrade to the latest version of this software.\";\n\n# Ref: Jeremy Bae at STG Security\n\nif(description)\n{\n script_id(19751);\n script_version(\"$Revision: 5783 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-30 11:03:43 +0200 (Thu, 30 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)\");\n script_cve_id(\"CVE-2005-2614\");\n script_bugtraq_id(14564);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"This script is Copyright (C) 2005 David Maciejak\");\n script_family(\"Gain a shell remotely\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0440.html\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif ( ! can_host_php(port:port) ) exit(0);\n\nforeach dir( make_list_unique( \"/discuz\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = string(dir, \"/index.php\");\n r = http_get_cache(item:url, port:port);\n if( r == NULL ) continue;\n if ((\"powered by Discuz!</title>\" >< r) && egrep(pattern:'<meta name=\"description\" content=.+Powered by Discuz! Board ([1-3]|4\\\\.0\\\\.0RC[0-4])', string:r)) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:53", "references": ["http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0440.html"], "pluginID": "136141256231019751", "description": "The remote host is using Discuz!, a popular web application forum in\nChina. \n\nAccording to its version, the installation of Discuz! on the remote host\nfails to properly check for multiple extensions in uploaded files. An\nattacker may be able to exploit this issue to execute arbitrary commands\non the remote host subject to the privileges of the web server user id,\ntypically nobody.", "edition": 3, "reporter": "This script is Copyright (C) 2005 David Maciejak", "published": "2006-03-26T00:00:00", "title": "Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gain a shell remotely", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2614"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231019751", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231019751", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: discuz_arbitrary_file_upload_flaw.nasl 9348 2018-04-06 07:01:19Z cfischer $\n# Description: Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n#\n# Copyright:\n# Copyright (C) 2005 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"The remote host is using Discuz!, a popular web application forum in\nChina. \n\nAccording to its version, the installation of Discuz! on the remote host\nfails to properly check for multiple extensions in uploaded files. An\nattacker may be able to exploit this issue to execute arbitrary commands\non the remote host subject to the privileges of the web server user id,\ntypically nobody.\";\n\ntag_solution = \"Upgrade to the latest version of this software.\";\n\n# Ref: Jeremy Bae at STG Security\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.19751\");\n script_version(\"$Revision: 9348 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:01:19 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2006-03-26 17:55:15 +0200 (Sun, 26 Mar 2006)\");\n script_cve_id(\"CVE-2005-2614\");\n script_bugtraq_id(14564);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"This script is Copyright (C) 2005 David Maciejak\");\n script_family(\"Gain a shell remotely\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0440.html\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif ( ! can_host_php(port:port) ) exit(0);\n\nforeach dir( make_list_unique( \"/discuz\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = string(dir, \"/index.php\");\n r = http_get_cache(item:url, port:port);\n if( r == NULL ) continue;\n if ((\"powered by Discuz!</title>\" >< r) && egrep(pattern:'<meta name=\"description\" content=.+Powered by Discuz! Board ([1-3]|4\\\\.0\\\\.0RC[0-4])', string:r)) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}