CVE-2005-2885

Sažetak

The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files.

Reference

http://marc.info/?l=bugtraq&m=112603835317458&w=2
http://secunia.com/advisories/16731/
http://www.securityfocus.com/bid/14750
https://exchange.xforce.ibmcloud.com/vulnerabilities/22199

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:33

Objavljeno

14-09-2005 - 20:03