Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4690

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-4690
Last Modified 05 Sep 2008 04:57:33
Published 31 Dec 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4690

Summary

Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can be used in conjunction with CVE-2005-3102 to create or overwrite arbitrary files of all types.

Vulnerable Systems

Application

  • Six Apart Movable Type 3.16


References

BID - 15302

SECUNIA - 16899

FULLDISC - 20051103 Buggy blogging


Last Updated: 27 May 2016 10:41:24