CVE-2006-0212 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-0212
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0212

Description: Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.

CVE Status: Candidate

References: ST 1015486 SAID Secunia Advisory: SA18437 OSVDB 22380 MISC http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2 http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt FULLDISC http://marc.theaimsgroup.com/?l=full-disclosure&m=113712413907526&w=2 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/421993/100/0/threaded BID 16236

Return to the previous page.