← Back to CVEs
CVE-2005-0254
LOW3.7
Description
BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.
CVE Details
CVSS v3.1 Score3.7
SeverityLOW
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published5/2/2005
Last Modified4/16/2026
Sourcenvd
Honeypot Sightings0
Affected Products
guillaumegardey:biborb
Weaknesses (CWE)
CWE-434CWE-434
References
http://marc.info/?l=bugtraq&m=110868948719773&w=2(cve@mitre.org)
http://marc.info/?l=full-disclosure&m=110864983905770&w=2(cve@mitre.org)
http://www.securityfocus.com/bid/12583(cve@mitre.org)
http://marc.info/?l=bugtraq&m=110868948719773&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=full-disclosure&m=110864983905770&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/12583(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.