The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=110477648219738&w=2 | Exploit Mailing List |
http://secunia.com/advisories/13711 | Broken Link |
http://www.securityfocus.com/bid/12149 | Broken Link Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18729 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-02-10T05:00:00
Updated: 2017-07-10T14:57:01
Reserved: 2005-02-10T00:00:00
Link: CVE-2005-0269
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-05-02T04:00:00.000
Modified: 2024-02-02T02:15:17.823
Link: CVE-2005-0269
JSON object: View
Redhat Information
No data.
CWE