SecurityHome.eu Security vulnerability: 12all-upload.txt

Home / vulnerabilities PDF

12all-upload.txt
Posted on 04 May 2007
Source : packetstormsecurity.org Link

Author: John McGuire
Company: ActiveCampaign
Product: 1-2-All
Version: 4.5x - 4.53.13
Flaw: Arbitrary File Upload
Vendor Notified: Yes
Patch Available: Yes
Patch Location:
http://www.activecampaign.com/support/forum/showthread.php?t=3293

URL:
http://{12All_Location}/admin/functions/editor/editor/filemanager/browser/default/browser.html

Description: The FCKeditor module used to create HTML emails appears to
check filenames against a blacklist of bad extensions. Extensions such
as php4 and php5 are not in this list, and can be executed and run
depending on server configuration.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

PHP Remote Code Execution
AEGON LIFE 1.0 SQL Injection
AEGON LIFE 1.0 Remote Code Execution
AEGON LIFE 1.0 Cross Site Scripting
Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting

Last 20