Bugtraq mailing list archives

12All File Upload Vulnerability
From: John McGuire <bugtraq () greeneandassoc com>
Date: Wed, 02 May 2007 15:07:00 -0700

Author: John McGuire
Company: ActiveCampaign
Product: 1-2-All
Version: 4.5x - 4.53.13
Flaw: Arbitrary File Upload
Vendor Notified: Yes
Patch Available: Yes
Patch Location: http://www.activecampaign.com/support/forum/showthread.php?t=3293


URL: http://{12All_Location}/admin/functions/editor/editor/filemanager/browser/default/browser.html

Description: The FCKeditor module used to create HTML emails appears to check filenames against a blacklist of bad extensions. Extensions such as php4 and php5 are not in this list, and can be executed and run depending on server configuration.
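
The flaw class described in the post above, as an added example that is not taken from the advisory, FCKeditor or 12All: a denylist extension check beside an allowlist one. The extension lists, function names and sample filenames are constructed for this illustration.

```php
<?php
// Constructed denylist for illustration; NOT the actual FCKeditor/12All list.
// Like the list the advisory describes, it omits php4 and php5.
const DENIED_EXTENSIONS = ['php', 'php3', 'phtml', 'asp', 'aspx', 'cgi', 'pl', 'exe'];

// Assumed allowlist for a file manager that only needs images for HTML e-mails.
const ALLOWED_EXTENSIONS = ['gif', 'jpg', 'jpeg', 'png'];

/** Denylist check: accepts every extension that nobody thought to list. */
function denylist_accepts(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, DENIED_EXTENSIONS, true);
}

/** Allowlist check: accepts only a plain name with one known-good extension. */
function allowlist_accepts(string $name): bool
{
    // Plain base name plus exactly one extension; no path separators,
    // no control bytes, no additional dots.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.([A-Za-z0-9]+)\z/', $name, $m)) {
        return false;
    }
    // Compare case-insensitively so "JPG" and "jpg" are treated alike.
    return in_array(strtolower($m[1]), ALLOWED_EXTENSIONS, true);
}

// Constructed sample filenames.
$samples = ['logo.png', 'banner.JPG', 'page.php', 'page.php4', 'page.php5', 'notes.txt'];

foreach ($samples as $name) {
    printf(
        "%-12s denylist=%-6s allowlist=%s\n",
        $name,
        denylist_accepts($name) ? 'accept' : 'reject',
        allowlist_accepts($name) ? 'accept' : 'reject'
    );
}
```

The denylist rejects `page.php` but accepts `page.php4` and `page.php5`, while the allowlist accepts only the two image names. Because execution depends on server configuration, the upload directory should also be served with script handlers disabled.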

