CVE-2010-2584

Sažetak

The Upload method in the RealPage Module Upload ActiveX control in Realpage.dll 1.0.0.9 in RealPage Module ActiveX Controls does not properly restrict certain property values, which allows remote attackers to read arbitrary files via a filename in the SourceFile property in conjunction with an http URL in the DestURL property.

Reference

http://secunia.com/advisories/41392
http://secunia.com/secunia_research/2010-118/
http://www.osvdb.org/68813
http://www.securityfocus.com/bid/44302

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-10-2010 - 04:00

Objavljeno

26-10-2010 - 19:00