CVE

Id
75386  
CVE No.
CVE-2014-8085  
Status
Candidate  
Description
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.  
Phase
Assigned (20141009)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
698976 75386 CVE-2014-8085 BUGTRAQ:20141231 [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability  View
698977 75386 CVE-2014-8085 URL:http://www.securityfocus.com/archive/1/archive/1/534361/100/0/threaded  View
698978 75386 CVE-2014-8085 FULLDISC:20141231 [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability  View
698979 75386 CVE-2014-8085 URL:http://seclists.org/fulldisclosure/2014/Dec/134  View
698980 75386 CVE-2014-8085 MISC:http://karmainsecurity.com/KIS-2014-16  View
698981 75386 CVE-2014-8085 MISC:http://packetstormsecurity.com/files/129777/Osclass-3.4.2-Shell-Upload.html  View
698982 75386 CVE-2014-8085 CONFIRM:http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/  View
698983 75386 CVE-2014-8085 BID:71842  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
17095 JVNDB-2014-005970 複数の X.Org 製品の GLX エクステンションにおける整数オーバーフローの脆弱性 XFree86、X.Org X Window System (別名 X11 または X) および X.Org Server (別名 xserver および xorg-server) の GLX エクステンションには、整数オーバーフローの脆弱性が存在します。 CVE-2014-8093 75386 6.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005970.html  View