7 matches found
Ubuntu: Security Advisory (USN-4590-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4590-1: Collabtive vulnerability
It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code. CVE-2015-0258...
CVE-2015-0258
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a 1 .php3, 2 .php4, 3 .php5, or 4 .phtml extension...
CVE-2015-0258
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a 1 .php3, 2 .php4, 3 .php5, or 4 .phtml extension...
CVE-2015-0258
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a 1 .php3, 2 .php4, 3 .php5, or 4 .phtml extension...
CVE-2015-0258
Collabtive up to version 2.0/2.1 had an avatar-upload input validation flaw in manageuser.php that could enable an authenticated user to upload crafted files (.php3/.php4/.php5/.phtml) and execute arbitrary code. Public advisories (USN-4590-1, DLA-2125-1) and Debian/Nessus entries describe fixes ...
Collabtive 2.0 Shell Upload
Vulnerability title: Arbitrary File Upload In Collabtive CVE: CVE-2015-0258 Vendor: Collabtive Product: Collabtive Affected version: 2.0 Fixed version: 2.1 Reported by: Arturo Rodriguez Details: It was discovered that authenticated users were able to upload files with extensions: php3, php4, php5...