Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3070


Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3070
Last Modified 07 Mar 2011 09:37:46
Published 19 Jun 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.

Vulnerable Systems


  • Zeroboard 4.1 Pl8



FULLDISC - 20060616 Zeroboard File Upload & extension bypass Vulnerability

VUPEN - ADV-2006-2318

SECUNIA - 20592

XF - zeroboard-htaccess-file-upload-(27038)

BID - 18465

Last Updated: 27 May 2016 10:42:52