SecuritySpace - CVE-2006-3336

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2006-3336

Description: TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.

Test IDs: 1.3.6.1.4.1.25623.1.0.57080

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2006-3336
BugTraq ID: 18854
http://www.securityfocus.com/bid/18854
http://securitytracker.com/id?1016458
http://secunia.com/advisories/20992
http://www.vupen.com/english/advisories/2006/2677

CVE ID:	CVE-2006-3336
Description:	TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.
Test IDs:	1.3.6.1.4.1.25623.1.0.57080
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3336 BugTraq ID: 18854 http://www.securityfocus.com/bid/18854 http://securitytracker.com/id?1016458 http://secunia.com/advisories/20992 http://www.vupen.com/english/advisories/2006/2677