CVE-2005-2885
Summary
| CVE | CVE-2005-2885 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-09-14 20:03:00 UTC |
| Updated | 2017-07-11 01:33:00 UTC |
| Description | The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| MAXdev MD-Pro Arbitrary Remote File Upload Vulnerability | BID | www.securityfocus.com | Exploit |
| 'MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code' - MARC | BUGTRAQ | marc.info | |
| Secunia - Advisories - MAXdev MD-Pro Cross-Site Scripting and File Upload Vulnerabilities | SECUNIA | secunia.com | Exploit, Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.