4 matches found
CVE-2014-7260
The Server Side Includes SSI implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives...
CVE-2014-7260
CVE-2014-7260 affects ULTRAPOP.JP i-HTTPD's File Upload BBS, where the Server Side Includes (SSI) implementation processes directives in uploaded files. The root cause is SSI handling that allows remote attackers to execute arbitrary commands by uploading crafted files containing SSI directives. ...
"File Upload BBS" of i-HTTPD vulnerable to remote command execution
Overview i-HTTPD is a web server for Windows, implementing Server Side Includes SSI. i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files CWE-97. Yamagata of webappsec.jp reported...
JVN#16406395: "File Upload BBS" of i-HTTPD vulnerable to remote command execution
i-HTTPD is a web server for Windows, implementing Server Side Includes SSI. i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files CWE-97. Impact An arbitrary command may be execute...