Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2614

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2614
Last Modified 05 Sep 2008 04:52:13
Published 17 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2614

Summary

Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.

Vulnerable Systems

Application

  • Crosscom Olicom Discuz 4.0 Rc4


References

SECUNIA - 16433

FULLDISC - 20050814 STG Security Advisory: [SSA-20050812-27] Discuz! arbitrary script upload vulnerability

BID - 14564

SECTRACK - 1014673


Last Updated: 27 May 2016 10:40:34