CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS Percentile: 99.4%
Added: 04/01/2013
CVE: CVE-2012-6274
BID: 57214
OSVDB: 89342
BigAnt Messenger Server offers secure instant messaging, file transfer, VoIP, video chat, web conferencing and more.
BigAnt Server 2.97 and earlier does not require authentication for file uploading, and does not properly verify or sanitize user-uploaded files. A remote attacker could upload a **.php** file to a user-accessible location. Subsequently requesting the file executes the script with the privileges of the web server.
Contact the vendor for an update.
<http://www.kb.cert.org/vuls/id/990652>
This exploit has been tested against BigAntSoft BigAnt Server 2.97 SP7 on Windows Server 2003 SP2 English with DEP OptOut.
Windows