BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.
References
| Link | Resource |
|---|---|
| http://marc.info/?l=bugtraq&m=110868948719773&w=2 | Exploit Mailing List Third Party Advisory |
| http://marc.info/?l=full-disclosure&m=110864983905770&w=2 | Exploit Mailing List Third Party Advisory |
| http://www.securityfocus.com/bid/12583 | Broken Link Patch Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
02 Feb 2024, 16:44
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Guillaumegardey
Guillaumegardey biborb |
|
| CPE | cpe:2.3:a:guillaumegardey:biborb:1.3.2:rc:*:*:*:*:*:* cpe:2.3:a:guillaumegardey:biborb:1.3.2:-:*:*:*:*:*:* |
26 Jan 2024, 19:07
| Type | Values Removed | Values Added |
|---|---|---|
| References | (FULLDISC) http://marc.info/?l=full-disclosure&m=110864983905770&w=2 - Exploit, Mailing List, Third Party Advisory | |
| References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=110868948719773&w=2 - Exploit, Mailing List, Third Party Advisory | |
| References | (BID) http://www.securityfocus.com/bid/12583 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : unknown |
| CWE | CWE-434 | |
| First Time |
Markusmobius
Markusmobius biborb |
|
| CPE | cpe:2.3:a:markusmobius:biborb:1.3.2:*:*:*:*:*:*:* |
Information
Published : 2005-05-02 04:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-0254
Mitre link : CVE-2005-0254
CVE.ORG link : CVE-2005-0254
JSON object : View
Products Affected
guillaumegardey
- biborb
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type