Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0695

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0695
Last Modified 07 Mar 2011 09:30:37
Published 15 Feb 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0695

Summary

Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.

Vulnerable Systems

Application

  • Ansilove 1.01

  • Ansilove 1.02


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=392826

SECUNIA - 18810

VUPEN - ADV-2006-0536

XF - ansilove-filename-code-execution(24684)

BID - 16603


Last Updated: 27 May 2016 10:41:46