Bugtraq: Re: Uber Uploader <= 5.3.6 Remote File Upload Vulnerability

[recklessb () users sourceforge net]

UU already provides a mechanism to detect file extensions client and server side. It is "YOUR" responsibility when you 
install this script to add file extensions that you may or may not want uploaded. Jeesh! 

$disallow_extensions = '/(sh|php|php3|php4|php5|py|shtml|phtml|cgi|pl|plx|htaccess|htpasswd)$/i';
$allow_extensions = '/(jpg|jpeg|gif|bmp)$/i';