Bugtraq: Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability

From: Morgan ARMAND <armand_m_at_epitech.net>
Date: Tue, 15 Apr 2008 10:51:40 +0200

#####################################################################

Advisory #1 "Dotclear 'ecrire/images.php' Arbitrary File Upload
Vulnerability"

$ Author : Morgan ARMAND
$ Contact : armand_m at epitech dot net
$ Vendor URL : http://www.dotclear.net
$ Vendor Contacted : 07/04/2008
$ Vendor Status : No response
$ Affected Software : Dotclear <= 1.2.7.1
$ Severity : Medium / Critical

#####################################################################

Vulnerability:

Dotclear is prone to an arbitrary script upload vulnerability.

The vulnerability is caused due to missing validation of the file extension.

If successfully exploited, an attacker can execute arbitrary script code
on a vulnerable server.
You need to have an account in order to access the vulnerable page.

All versions of Dotclear are considered vulnerable at the moment.
Received on Apr 15 2008
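
An added example (not part of the advisory and not Dotclear's code) of the server-side check whose absence the advisory describes: the final extension is matched against an allow-list, compared with the content type sniffed from the file, and the client's file name is replaced by a random one. The function names, the allow-list and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list of final extensions and the content type accepted for each
// (constructed policy for an image uploader, not Dotclear's own list).
const ALLOWED_IMAGES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];

// Returns a server-generated storage name, or null when the upload is rejected.
function storage_name_for(string $clientName, string $sniffedMime): ?string
{
    // Only the final extension counts; the rest of the client name is discarded.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext]) || ALLOWED_IMAGES[$ext] !== $sniffedMime) {
        return null;
    }
    // Random name: no client-controlled path, double extension or dot-file survives.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Handles one $_FILES entry. $destDir is assumed to be a directory the web
// server serves as static files only (no script handler mapped to it).
function store_upload(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Sniff the type from the file content, not from the client-sent header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $name = storage_name_for((string) $file['name'], (string) $mime);
    if ($name === null || !move_uploaded_file($file['tmp_name'], "$destDir/$name")) {
        return null;
    }
    return $name;
}

// Constructed sample inputs: [client file name, MIME type sniffed from content].
$samples = [
    ['holiday.JPG',  'image/jpeg'],  // allowed extension, matching content
    ['notes.php',    'text/x-php'],  // script extension
    ['logo.png.php', 'image/png'],   // image content, script as final extension
    ['banner.gif',   'text/x-php'],  // image extension, script content
    ['.htaccess',    'text/plain'],  // server configuration file
];
foreach ($samples as [$n, $m]) {
    printf("%-13s %-11s %s\n", $n, $m, storage_name_for($n, $m) === null ? 'rejected' : 'accepted');
}
```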
