|
|
CVE Reference: CVE-2006-2530 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-2530 |
|
|
Description: avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/26546 SAID Secunia Advisory: SA20148 MISC http://www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf http://www.codescan.com/Advisories/CodeScanLabs_AvatarMod.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/434366/100/0/threaded BID 18014 |
|
| Return to the previous page. |
