CVE

Id
19174  
CVE No.
CVE-2006-3070  
Status
Candidate  
Description
write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.  
Phase
Assigned (20060619)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
170919 19174 CVE-2006-3070 BUGTRAQ:20060616 Zeroboard File Upload & extension bypass Vulnerability  View
170920 19174 CVE-2006-3070 URL:http://www.securityfocus.com/archive/1/archive/1/437442/30/4320/threaded  View
170921 19174 CVE-2006-3070 FULLDISC:20060616 Zeroboard File Upload & extension bypass Vulnerability  View
170922 19174 CVE-2006-3070 URL:http://marc.info/?l=full-disclosure&m=115044567831726&w=2  View
170923 19174 CVE-2006-3070 MISC:http://securecast.wins21.com/zerovul.html  View
170924 19174 CVE-2006-3070 BID:18465  View
170925 19174 CVE-2006-3070 URL:http://www.securityfocus.com/bid/18465  View
170926 19174 CVE-2006-3070 VUPEN:ADV-2006-2318  View
170927 19174 CVE-2006-3070 URL:http://www.vupen.com/english/advisories/2006/2318  View
170928 19174 CVE-2006-3070 SECUNIA:20592  View
170929 19174 CVE-2006-3070 URL:http://secunia.com/advisories/20592  View
170930 19174 CVE-2006-3070 XF:zeroboard-htaccess-file-upload-(27038)  View

Related JVN