Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Gain a shell remotely >> Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw


Vulnerability Assessment Details

Discuz! <= 4.0.0 rc4 Arbitrary File Upload Flaw

Vulnerability Assessment Summary
Checks Discuz! version

Detailed Explanation for this Vulnerability Assessment

The remote host is using Discuz!, a popular web application forum in
China.

According to its version, the installation of Discuz! on the remote host
fails to properly check for multiple extensions in uploaded files. An
attacker may be able to exploit this issue to execute arbitrary commands
on the remote host subject to the rights of the web server user id,
typically nobody.

See also : http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0440.html
Solution : Upgrade to the latest version of this software.
Network Security Threat Level: Medium

Networks Security ID: 14564

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 David Maciejak

Cables, Connectors

SUN X8229A 2.3GHz Quad Core 8 DIMM CPU Module for X4600 M2 Opteron 8356
$30.0
SUN X8229A 2.3GHz Quad Core 8 DIMM CPU Module for X4600 M2 Opteron 8356 pictureASUS G73JW Core i7 Q740/ 1.73GHz/8GB /HDD/DVD±RW/Win 7/17.3 GTX 460m
$500.0
ASUS G73JW Core i7 Q740/ 1.73GHz/8GB /HDD/DVD±RW/Win 7/17.3 GTX 460m pictureLenovo IdeaPad Y70 Touch 17.3in. (1TB + 8GB Ram , Intel Core i7 4th Gen
$900.0
Lenovo IdeaPad Y70 Touch 17.3in. (1TB + 8GB Ram , Intel Core i7 4th Gen pictureDell Inspiron 15 Touchscreen Core i7-6500U Dual-Core 2.5GHz 8GB 1TB 15.6 IPS FHD
$647.62
Dell Inspiron 15 Touchscreen Core i7-6500U Dual-Core 2.5GHz 8GB 1TB 15.6 IPS FHD picture


Discussions

No Discussions have been posted on this vulnerability.