Info

Disclosure

Oct 26, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Mega Upload contains a flaw related to the way that the upload.cgi script qscript variable handles the list of uploaded files and may allow an attacker to perform an attack with an unknown impact. No further details have been provided.

Classification

Location: Remote/Network Access Required
Attack Type: Unknown
Impact: Unknown
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.45 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Raditha Dissanyake	Mega Upload	1.43
		1.44

References

Security Tracker: 1011960
Bugtraq ID: 11547
Secunia Advisory ID: 12993
ISS X-Force ID: 17882
CVE ID: 2004-2743 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/secunia/2004-q4/0281.html
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=277989
http://www.raditha.com/blog/archives/000547.html
Vendor URL: http://www.raditha.com/megaupload/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Raditha Dissanyake

Mega Upload

References

Credit