CVE-2006-3070
N/A
N/A
Summary
write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.vupen.com/english/advisories/2006/2318
- http://www.securityfocus.com/archive/1/437442/30/4320/threaded
- http://www.securityfocus.com/bid/18465
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27038
- http://securecast.wins21.com/zerovul.html
- http://marc.info/?l=full-disclosure&m=115044567831726&w=2
- http://secunia.com/advisories/20592
References
- http://www.vupen.com/english/advisories/2006/2318
- http://www.securityfocus.com/archive/1/437442/30/4320/threaded
- http://www.securityfocus.com/bid/18465
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27038
- http://securecast.wins21.com/zerovul.html
- http://marc.info/?l=full-disclosure&m=115044567831726&w=2
- http://secunia.com/advisories/20592
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.