4.3

CVE-2005-0254

Exploit

EPSS 0.86%
Veröffentlicht 02.05.2005 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Guillaumegardey ≫ Biborb Version1.3.2 Update-

Guillaumegardey ≫ Biborb Version1.3.2 Updaterc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.86%	0.746

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://marc.info/?l=bugtraq&m=110868948719773&w=2

Third Party Advisory

Exploit

Mailing List

http://marc.info/?l=full-disclosure&m=110864983905770&w=2

Third Party Advisory

Exploit

Mailing List

http://www.securityfocus.com/bid/12583

Patch

Third Party Advisory

Broken Link

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2005-0254

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-0254

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-0254

EUVD