← Voltar para CVEs
CVE-2005-0254
LOW3.7
Descricao
BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.
Detalhes CVE
Pontuacao CVSS v3.13.7
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeHIGH
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/2/2005
Ultima modificacao4/16/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
guillaumegardey:biborb
Fraquezas (CWE)
CWE-434CWE-434
Referencias
http://marc.info/?l=bugtraq&m=110868948719773&w=2(cve@mitre.org)
http://marc.info/?l=full-disclosure&m=110864983905770&w=2(cve@mitre.org)
http://www.securityfocus.com/bid/12583(cve@mitre.org)
http://marc.info/?l=bugtraq&m=110868948719773&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=full-disclosure&m=110864983905770&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/12583(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.