Xoops Tutorials Execution of Arbitrary Code - Secunia Advisories - Vulnerability Intelligence

Home > Vulnerability Intelligence > Secunia Advisories > Xoops Tutorials Execution of Arbitrary Code

Secunia Advisories

Xoops Tutorials Execution of Arbitrary Code
Secunia Advisory:	SA9060	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2003-06-18
Popularity:	4,491 views

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

Software:	Tutorials 2.x (module for XOOPS)

Subscribe:	Instant alerts on relevant vulnerabilities

Description: A vulnerability has been identified in Xoops Tutorials allowing malicious users to upload and execute arbitrary code. The problem is that the upload function, which allows users to upload images, doesn't verify the file type. This allows malicious users to upload any file type including PHP files. Version 2.0 has been reported vulnerable. Solution: Version 2.1 is not vulnerable. Provided and/or discovered by: ac3, GUSG Team

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

Moderately // 19 views

Less // 29 views

Moderately // 47 views

Less // 26 views

Moderately // 37 views

Moderately // 97 views

Less // 73 views

Less // 92 views

Moderately // 82 views

Less // 99 views

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1.	Adobe Flash Player Multiple Vulnerabilities // 58 views
2.	VLC Media Player Multiple Vulnerabilities // 44 views
3.	IBM DB2 Multiple Vulnerabilities // 42 views
4.	Linux Kernel "listxattr" Memory Corruption and CHRP Denial of Service // 38 views
5.	Sun Java JDK / JRE Multiple Vulnerabilities // 37 views
6.	Microsoft Office Two Code Execution Vulnerabilities // 36 views
7.	NetBSD Malformed ICMPv6 "MLD-QUERY" Denial of Service // 28 views
8.	libpng "png_push_read_zTXt()" Off-By-One Vulnerability // 25 views
9.	MemHT Portal "stats_res" SQL Injection Vulnerability // 25 views
10.	Microsoft Word Malformed Object Pointer Vulnerability // 24 views