2 matches found
iThoughtsHD任意文件上传漏洞
CVE ID:CVE-2014-1827 iThoughtsHD是一款ios应用,属于思维导图软件。 iPad设备上使用的iThoughtsHD app 4.19 for iOS,在启用了WiFi Transfer功能后,可使远程攻击者通过上传诸如.html%00.txt的文件,即在扩展名后加%00序列来达到上传任意文件的目的。 0 iThoughtsHD iThoughtsHD 4.19 目前厂商还没有提供补丁或者升级程序: www.ithoughts.co.uk/...
CVE-2014-1827
The CVE-2014-1827 entry affects iThoughtsHD 4.19 for iOS on iPad, where enabling WiFi Transfer allows remote upload of arbitrary files by exploiting a null-byte (%00) injection after a dangerous extension (demonstrated with .html%00.txt). Affected component is the web upload interface; root cause...