11171 : Mega Upload upload.cgi Unspecified File List Issue
Printer | http://osvdb.org/11171 | Email This | Edit Vulnerability

Views This Week

Views All Time

198

Info

Last Modified

6 months ago

Percent Complete

90%

Disclosure

Oct 26, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Mega Upload contains a flaw related to the way that the upload.cgi script qscript variable handles the list of uploaded files and may allow an attacker to perform an attack with an unknown impact. No further details have been provided.

Classification

Location: Remote/Network Access Required
Attack Type: Unknown
Impact: Unknown
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.45 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Raditha Dissanyake	Mega Upload	1.43
		1.44

References

Bugtraq ID: 11547
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=277989
http://www.raditha.com/blog/archives/000547.html
ISS X-Force ID: 17882
Secunia Advisory ID: 12993
Mail List Post: http://archives.neohapsis.com/archives/secunia/2004-q4/0281.html
CVE ID: 2004-2743 (see also: NVD)
Security Tracker: 1011960
Vendor URL: http://www.raditha.com/megaupload/

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Raditha Dissanyake

Mega Upload

References

Credit

Blogs

Comments