<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: 12All File Upload Vulnerability

12All File Upload Vulnerability

From: John McGuire <bugtraq_at_greeneandassoc.com>
Date: Wed, 02 May 2007 15:07:00 -0700

Author: John McGuire
Company: ActiveCampaign
Product: 1-2-All
Version: 4.5x - 4.53.13
Flaw: Arbitrary File Upload
Vendor Notified: Yes
Patch Available: Yes
Patch Location:
http://www.activecampaign.com/support/forum/showthread.php?t=3293

URL:
http://{12All_Location}/admin/functions/editor/editor/filemanager/browser/default/browser.html

Description: The FCKeditor module used to create HTML emails appears to
check filenames against a blacklist of bad extensions. Extensions such
as php4 and php5 are not in this list, and can be executed and run
depending on server configuration.
Received on May 03 2007

This message: [ Message body ]
Next message: security-alert_at_hp.com: "[security bulletin] HPSBPI02185 SSRT071290 rev.2 - HP Jetdirect Running ftp, Remote Denial of Service (DoS)"
Previous message: TSRT_at_3com.com: "TPTI-07-05: IBM Tivoli Provisioning Manager for OS Deployment Multiple Stack Overflow Vulnerabilities"
Next in thread: info_at_activecampaign.com: "Re: 12All File Upload Vulnerability"
Maybe reply: info_at_activecampaign.com: "Re: 12All File Upload Vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]