Lucene search
Ubuntu.comUB:CVE-2006-3336HistoryJul 05, 2006 - 12:00 a.m.
CVE-2006-3336
2006-07-0500:00:00
ubuntu.com
ubuntu.com
6
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.021 Low
EPSS
Percentile
89.1%
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload
filter and execute arbitrary code via filenames with double extensions such
as “.php.en”, “.php.1”, and other allowed extensions that are not .txt.
NOTE: this is only a vulnerability when the server allows script execution
in the pub directory.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 7.04 | noarch | twiki | < 4.0.5-9.1ubuntu1 | UNKNOWN |
| ubuntu | 7.10 | noarch | twiki | < 4.0.5-9.1ubuntu1 | UNKNOWN |
| ubuntu | 8.04 | noarch | twiki | < 4.0.5-9.1ubuntu1 | UNKNOWN |
| ubuntu | 8.10 | noarch | twiki | < 4.0.5-9.1ubuntu1 | UNKNOWN |
| ubuntu | 9.04 | noarch | twiki | < 4.0.5-9.1ubuntu1 | UNKNOWN |
| ubuntu | 9.10 | noarch | twiki | < 4.0.5-9.1ubuntu1 | UNKNOWN |
Related
cve
cve
CVE-2006-3336
2006-07-05 20:05:00
freebsd
freebsd
twiki -- multiple file extensions file upload vulnerability
2006-07-05 00:00:00
nvd
nvd
CVE-2006-3336
2006-07-05 20:05:00
cvelist
cvelist
CVE-2006-3336
2006-07-05 20:00:00
seebug
seebug
TWiki脚本文件上传漏洞
2007-12-26 00:00:00
nessus
nessus
openvas
openvas
FreeBSD Ports: twiki
2008-09-04 00:00:00
FreeBSD Ports: twiki
2008-09-04 00:00:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.021 Low
EPSS
Percentile
89.1%
Related for UB:CVE-2006-3336