CVE-2007-2024

Related Files

Debian Linux Security Advisory 1371-1

Posted Sep 11, 2007

Authored by Debian | Site debian.org

Debian Security Advisory 1371-1 - Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, phpWiki might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.

tags | advisory, remote, php, vulnerability, file upload

systems | linux, debian

advisories | CVE-2007-2024, CVE-2007-2025, CVE-2007-3193

SHA-256 | b7b01d7f2a959335ad4e537ebb5fba440c7f535ac3481c32a0333098d6941ddf

Download | Favorite | View

Gentoo Linux Security Advisory 200705-16

Posted May 21, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-16 - Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file. Versions less than 1.3.10-r3 are affected.

tags | advisory

systems | linux, gentoo

advisories | CVE-2007-2024, CVE-2007-2025

SHA-256 | 60c159150a0498f92fb6138edacb9b60a1965224aafeaac9734cbd4a13e2339b

Download | Favorite | View