Required CVE Record Information
Description
write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
References 7 Total
- vupen.com: ADV-2006-2318 vdb-entry
- securityfocus.com: 20060616 Zeroboard File Upload & extension bypass Vulnerability mailing-list
- securityfocus.com: 18465 vdb-entry
- exchange.xforce.ibmcloud.com: zeroboard-htaccess-file-upload-(27038) vdb-entry
- http://securecast.wins21.com/zerovul.html
- marc.info: 20060616 Zeroboard File Upload & extension bypass Vulnerability mailing-list
- secunia.com: 20592 third-party-advisory
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- vupen.com: ADV-2006-2318 vdb-entry x_transferred
- securityfocus.com: 20060616 Zeroboard File Upload & extension bypass Vulnerability mailing-list x_transferred
- securityfocus.com: 18465 vdb-entry x_transferred
- exchange.xforce.ibmcloud.com: zeroboard-htaccess-file-upload-(27038) vdb-entry x_transferred
- http://securecast.wins21.com/zerovul.html x_transferred
- marc.info: 20060616 Zeroboard File Upload & extension bypass Vulnerability mailing-list x_transferred
- secunia.com: 20592 third-party-advisory x_transferred