CVE-2006-3336

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-3336
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:N

Exploitability : 4.9 / Impact : 4.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/20992 Patch Vendor Advisory
http://securitytracker.com/id?1016458 Exploit Patch
http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads Patch
http://www.securityfocus.com/bid/18854
http://www.vupen.com/english/advisories/2006/2677
http://secunia.com/advisories/20992 Patch Vendor Advisory
http://securitytracker.com/id?1016458 Exploit Patch
http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads Patch
http://www.securityfocus.com/bid/18854
http://www.vupen.com/english/advisories/2006/2677
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2001-09-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2004-09-03:*:*:*:*:*:*:*
cpe:2.3:a:twiki:twiki:2004-09-04:*:*:*:*:*:*:*
History

21 Nov 2024, 00:13

Type Values Removed Values Added
References () http://secunia.com/advisories/20992 - Patch, Vendor Advisory () http://secunia.com/advisories/20992 - Patch, Vendor Advisory
References () http://securitytracker.com/id?1016458 - Exploit, Patch () http://securitytracker.com/id?1016458 - Exploit, Patch
References () http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads - Patch () http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads - Patch
References () http://www.securityfocus.com/bid/18854 - () http://www.securityfocus.com/bid/18854 -
References () http://www.vupen.com/english/advisories/2006/2677 - () http://www.vupen.com/english/advisories/2006/2677 -
Information

Published : 2006-07-05 20:05

Updated : 2024-11-21 00:13

NVD link : CVE-2006-3336

Mitre link : CVE-2006-3336

CVE.ORG link : CVE-2006-3336

JSON object : View

Products Affected

twiki

  • twiki
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024