admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2006/CVE-2006-33xx/CVE-2006-3336.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

198 lines
6.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2006-3336",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-05T20:05:00.000",
"lastModified": "2024-11-21T00:13:23.523",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as \".php.en\", \".php.1\", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory."
},
{
"lang": "es",
"value": "Vulnerabilidad en TWiki desde la versi\u00f3n del 01-Dic-2000 hasta la versi\u00f3n v4.0.3 que permite a atacantes remotos saltarse el \"upload filter\" (filtro o control de subida) y ejecutar c\u00f3digo de su elecci\u00f3n a traves de nombres de ficheros con dos extensiones como \".php.en\", \".php.1\" y otras extensiones disponibles que no son .txt. NOTA: para que se produzca esta vulnerabilidad el servidor debe permiter la ejecuci\u00f3n de scripts en un directorio p\u00fablico."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 4.9,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E0A8F3-02EE-4A6D-BAAC-1D52DF063197"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F893E121-82FA-41C8-9BA4-606E6DA01408"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47807C3A-8430-48E3-A7C8-C5A1FEDF84C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "620356EA-F106-41DF-AADA-C1EF5A5A0829"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "979D8BC8-0032-496F-9503-F3BBBC8FA7CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:2000-12-01:*:*:*:*:*:*:*",
"matchCriteriaId": "89599BC3-E1D8-4670-9321-F63A788096A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:2001-09-01:*:*:*:*:*:*:*",
"matchCriteriaId": "354C8BA8-603D-4556-8C4C-39DEE4891719"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:2001-12-01:*:*:*:*:*:*:*",
"matchCriteriaId": "23CC3B43-A77A-471E-A0ED-E91E53C2400C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:2003-02-01:*:*:*:*:*:*:*",
"matchCriteriaId": "374ADC0F-0EE2-4DEC-8A37-5F5F15C8137A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:2004-09-01:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC5965A-BFC8-42B3-AF13-28E097381E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:2004-09-02:*:*:*:*:*:*:*",
"matchCriteriaId": "C94AFFF9-5951-43A9-8018-B10C3F097CE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:2004-09-03:*:*:*:*:*:*:*",
"matchCriteriaId": "5F823DF7-B38E-4FBF-8D9A-C1B49FC237BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twiki:twiki:2004-09-04:*:*:*:*:*:*:*",
"matchCriteriaId": "FFA8E461-0CAA-4B44-8BCC-21CD8E1A6A41"
}
]
}
]
}
],
"references": [
{
"url": "http://secunia.com/advisories/20992",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1016458",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
]
},
{
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://www.securityfocus.com/bid/18854",
"source": "cve@mitre.org"
},
{
"url": "http://www.vupen.com/english/advisories/2006/2677",
"source": "cve@mitre.org"
},
{
"url": "http://secunia.com/advisories/20992",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1016458",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
]
},
{
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://www.securityfocus.com/bid/18854",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.vupen.com/english/advisories/2006/2677",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
Reference in New Issue View Git Blame Copy Permalink