getID3 < 1.7.8-b1 Multiple Remote Vulnerabilities

getID3, a web-based tool for extracting information from MP3 files, is installed on the remote web server. The installation of getID3 includes a set of demo scripts that allow an unauthenticated, remote attacker to read and delete arbitrary files, write files with some restrictions, and execute...

Design/Logic Flaw

Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors...

CVE-2007-1035

The CVE-2007-1035 issue affects getID3 (1.7.1) as used with Drupal Mediafield/Audio modules. The remote vulnerabilities reside in the package’s demo scripts, enabling an unauthenticated attacker to read/delete arbitrary files, list directories, write files (including .mp3) and potentially execute...

getID3 library and Audio, Mediafield - arbitrary code execution

The getID3 library used by Audio and Mediafield contains a directory with scripts demonstrating use of the library. These scripts allow any visitor to browse the filesystem, read and delete files or write to zero-byte files or files with an mp3 extension. These actions are only limited by the...