Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-2885
Last Modified: 05 Sep 2008 04:52:55
Published: 14 Sep 2005 04:03:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-2885

Summary

The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files.

Vulnerable Systems

Application

  • MAXdev MD-Pro 1.0.73


References

XF - mdpro-extension-file-upload(22199)

BID - 14750

SECUNIA - 16731

BUGTRAQ - 20050906 MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure


Last Updated: 27 May 2016 10:40:40