Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-2530
Last Modified: 24 Oct 2012 12:00:00
Published: 22 May 2006 07:10:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2530

Summary

avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.

Vulnerable Systems

Application

  • Snitz Communications Avatar Mod 1.3

  • Snitz Forums 2000 Avatar Mod 1.3


References

SECUNIA - 20148

VUPEN - ADV-2006-1854

BID - 18014

BUGTRAQ - 20060517 CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload

MISC - http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf

MISC - http://www.codescan.com/Advisories/CodeScanLabs_AvatarMod.html

XF - snitzforums-avatar-file-upload(26546)


Last Updated: 27 May 2016 11:01:15