Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2614


Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2614
Last Modified 05 Sep 2008 04:52:13
Published 17 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.

Vulnerable Systems


  • Crosscom Olicom Discuz 4.0 Rc4


SECUNIA - 16433

FULLDISC - 20050814 STG Security Advisory: [SSA-20050812-27] Discuz! arbitrary script upload vulnerability

BID - 14564

SECTRACK - 1014673

Last Updated: 27 May 2016 10:40:34