7965 matches found

CVE
added 2006/07/25 12:0 a.m., 52 views

CVE-2006-3830

The CVE-2006-3830 issue affects Kailash Nadh’s boastMachine (formerly bMachine) up to version 3.1. Remote authenticated administrators can upload files with arbitrary extensions to the bmc/Inc/Lang directory. The uploaded files are not served over HTTP, so exploitation hinges on a local usage pat...

CVSS: 4 | AI score: 6.5 | EPSS: 0.00812
Exploits: 1 | References: 2 | Affected Software: 1

Check Point Advisories
added 2006/07/16 12:0 a.m., 0 views

Update Protection against Geeklog Remote Code Execution Vulnerability

Geeklog is a PHP/MySQL based application for managing dynamic web content. Geeklog CMS fails to validate multiple file extensions, potentially allowing a remote attacker to upload malicious script code, which will be executed in the context of the webserver process...

AI score: 4.3
Exploits: 0

securityvulns
added 2006/07/11 12:0 a.m., 55 views

ASP.NET source code disclosure

It's possible to retrieve source code for scripts and executables, except for protected file extensions...

AI score: 1.5
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2006/07/10 12:0 a.m., 20 views

FreeBSD : twiki -- multiple file extensions file upload vulnerability (a876df84-0fef-11db-ac96-000c6ec775d9)

A TWiki Security Alert reports: The TWiki upload filter already prevents executable scripts such as .php, .php1, .phps, .pl from potentially getting executed by appending a .txt suffix to the uploaded filename. However, PHP and some other types allow additional file suffixes, such as .php.en,...

CVSS: 4 | AI score: 5.5 | EPSS: 0.0283
Exploits: 2 | References: 3

UbuntuCve
added 2006/07/05 8:5 p.m., 25 views

CVE-2006-3336

TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution...

CVSS: 4 | AI score: 6.3 | EPSS: 0.0283
Exploits: 2 | References: 1

CVE
added 2006/07/05 8:0 p.m., 45 views

CVE-2006-3336

CVE-2006-3336 affects TWiki up to version 4.0.3 where the upload filter fails to block certain double extensions (e.g., .php.en, .php.1) unless the server disallows script execution in the pub directory. This allows remote attackers to upload and potentially execute scripts, yielding arbitrary co...

CVSS: 4 | AI score: 7.5 | EPSS: 0.0283
Exploits: 2 | References: 5 | Affected Software: 1

CERT
added 2006/06/29 12:0 a.m., 32 views

Microsoft Internet Explorer fails to properly handle CLSID extensions

Overview Microsoft Internet Explorer fails to properly handle directories with CLSID extensions. This may allow an attacker to bypass the warning dialog that Internet Explorer should display before executing downloaded code. Description CLSID According to Microsoft MSDN, A CLSID is a "globally...

CVSS: 5.1 | AI score: 6.4 | EPSS: 0.48215
Exploits: 1 | References: 5

NVD
added 2006/06/21 1:2 a.m., 12 views

CVE-2006-3102

Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles...

CVSS: 5.1 | AI score: 7.4 | EPSS: 0.08301
Exploits: 1 | References: 10

CVE
added 2006/06/19 10:0 a.m., 47 views

CVE-2006-3070

CVE-2006-3070 affects Zeroboard 4.1 pl8 running on Apache with mod_mime. The issue allows remote attackers to bypass upload restrictions for executable extensions by uploading a .htaccess file containing an AddType directive that maps an assumed-safe extension (e.g., txt) to an executable handler...

CVSS: 5 | AI score: 7 | EPSS: 0.01619
Exploits: 1 | References: 7 | Affected Software: 1

Ubuntu
added 2006/06/15 11:29 p.m., 34 views

USN-297-2: Thunderbird extensions update for recent security update

USN-297-1 fixed some security vulnerabilities in Thunderbird. This update provides new versions of packaged extensions which work with the current Thunderbird version...

AI score: 5.3
Exploits: 0

0day.today
added 2006/06/15 12:0 a.m., 78 views

bitweaver <= 1.3 (tmpImagePath) Attachment mod_mime Exploit

Exploit for unknown platform in category web applications =========================================================== bitweaver = 1.3 tmpImagePath Attachment modmime Exploit =========================================================== !/usr/bin/php -q -d shortopentag=on ? echo "bitweaver = v1.3...

AI score: 7.1
Exploits: 0

Prion
added 2006/06/06 12:2 a.m., 20 views

Code injection

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.10915
Exploits: 0 | References: 7 | Affected Software: 1

Check Point Advisories
added 2006/06/06 12:0 a.m., 2 views

Update Protection against Adobe Reader Extensions Vulnerabilities

Several vulnerabilities have been identified with Adobe Document Server for Reader Extensions 6.0. These vulnerabilities could allow an attacker to disclose sensitive information or conduct cross-site scripting attacks...

CVSS: 7.5 | AI score: 3 | EPSS: 0.04274
Exploits: 0

NVD
added 2006/05/31 10:6 a.m., 11 views

CVE-2006-2695

admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory...

CVSS: 5.1 | AI score: 7.7 | EPSS: 0.02266
Exploits: 0 | References: 5

Tenable Nessus
added 2006/05/24 12:0 a.m., 27 views

FreeBSD : frontpage -- XSS vulnerability (c0171f59-ea8a-11da-be02-000c6ec775d9)

Esteban Martinez Fayo reports: The FrontPage Server Extensions 2002 included in Windows Server 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site...

CVSS: 6.8 | AI score: 5.2 | EPSS: 0.24408
Exploits: 1 | References: 5

Tenable Nessus
added 2006/05/23 12:0 a.m., 21 views

FreeBSD : coppermine -- Multiple File Extensions Vulnerability (0b628470-e9a6-11da-b9f4-00123ffe8333)

Secunia reports: Coppermine Photo Gallery has a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload...

AI score: 5.8
Exploits: 0 | References: 2

Prion
added 2006/05/22 10:2 p.m., 14 views

Code injection

Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01553
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2006/05/12 9:2 p.m., 14 views

Open redirect

LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...

CVSS: 5 | AI score: 6.3 | EPSS: 0.03071
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2006/05/12 9:2 p.m., 13 views

CVE-2006-1447

LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file...

CVSS: 5 | AI score: 6 | EPSS: 0.03071
Exploits: 0 | References: 8

Cvelist
added 2006/05/12 12:0 a.m., 20 views

CVE-2006-2330

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...

AI score: 6.7 | EPSS: 0.07835
Exploits: 1 | References: 8