Vulnerability Description
add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Duware Dubanner Project | Duware Dubanner | 3.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/20102Broken LinkVendor Advisory
- http://securityreason.com/securityalert/911Third Party Advisory
- http://www.securityfocus.com/archive/1/433894/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/17993Broken LinkVDB Entry
- http://www.vupen.com/english/advisories/2006/1825Broken Link
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26457Third Party AdvisoryVDB Entry
- http://secunia.com/advisories/20102Broken LinkVendor Advisory
- http://securityreason.com/securityalert/911Third Party Advisory
- http://www.securityfocus.com/archive/1/433894/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/17993Broken LinkVDB Entry
- http://www.vupen.com/english/advisories/2006/1825Broken Link
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26457Third Party AdvisoryVDB Entry
FAQ
What is CVE-2006-2428?
CVE-2006-2428 is a vulnerability with a CVSS score of 7.5 (HIGH). add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be by...
How severe is CVE-2006-2428?
CVE-2006-2428 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2428?
Check the references section above for vendor advisories and patch information. Affected products include: Duware Dubanner Project Duware Dubanner.