Date: Sun, 10 Nov 2013 14:20:56 GMT
From: advisories@...fsec.com
To: bugtraq@...urityfocus.com
Subject: Vulnerability in Pydio/AjaXplorer <= 5.0.3

Vulnerability in Pydio/AjaXplorer <= 5.0.3

============
Background:
Pydio allows you to instantly turn any server into a powerful file sharing platform. It was formerly known as AjaXplorer.

============
Description of vulnerability:

There is an unrestricted upload capability in one of the plugins distributed with the core, from AjaXplorer 3.3.5 through Pydio 5.0.3.

An attacker may use this vulnerability to upload arbitrary files to a location the attacker controls, which allows remote code execution on the server. Exploiting this vulnerability does not require authentication.
============
Details:

/plugins/editor.zoho/agent/save_zoho.php

A file uploaded through $_FILES to save_zoho.php is moved to a path that the user controls via the format parameter passed in the request. Because the allowed file formats are not restricted, and the same format value is also used to build the destination path, this can be used to upload arbitrary files to the server.
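As an added illustration (not Pydio's code and not the fixed save_zoho.php), the following PHP handler shows the two controls whose absence the advisory describes: an allow-list for the format value, and a destination name that is generated server-side rather than built from client input. The storage directory, the allowed-format list, and the request field names are assumptions.

```php
<?php
// Added example, not code from the Pydio project: a hardened handler for a
// "save document in format X" upload. It addresses the defects named in the
// advisory: an unrestricted format value that is also reused in the move path.
// STORAGE_DIR, ALLOWED_FORMATS and the request field names are assumptions.

declare(strict_types=1);

// Assumed: a directory outside the web root, so nothing stored here is ever
// served or executed as a script by the web server.
const STORAGE_DIR = __DIR__ . '/storage';
const ALLOWED_FORMATS = ['doc', 'docx', 'odt', 'xls', 'xlsx', 'ods'];

function saveUploadedDocument(array $file, string $format): string
{
    // 1. Accept only a completed, genuine HTTP upload.
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('no valid upload');
    }

    // 2. Allow-list the format. Matching against a fixed token list also
    //    guarantees the value cannot carry "../", slashes or a second extension.
    $format = strtolower($format);
    if (!in_array($format, ALLOWED_FORMATS, true)) {
        throw new RuntimeException('format not allowed');
    }

    // 3. Never derive the stored name from client input: generate it.
    $name = bin2hex(random_bytes(16)) . '.' . $format;
    $dest = STORAGE_DIR . '/' . $name;

    // 4. Defence in depth: the resolved parent directory must still be STORAGE_DIR.
    $dir = realpath(dirname($dest));
    if ($dir === false || $dir !== realpath(STORAGE_DIR)) {
        throw new RuntimeException('destination escaped storage directory');
    }

    // 5. Move the file and drop the execute bit; the stored file is data only.
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('move failed');
    }
    chmod($dest, 0640);

    return $name;
}

// Usage (field names 'content' and 'format' are assumptions for this example):
// $stored = saveUploadedDocument($_FILES['content'] ?? [], (string)($_POST['format'] ?? ''));
```

The allow-list in step 2 is what closes the issue: once the format can only be one of a few fixed tokens, it can no longer steer the destination path, and step 3 removes client input from the filename altogether. Step 4 is redundant given steps 2 and 3, which is the point; it is the check that still holds if a later change loosens either of them.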

============
CVE:
The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2013-6226 to this issue. This is a candidate for inclusion in the CVE list.

============
Vendor Response:
Upgrade to Pydio v5.0.4 or higher.
http://pyd.io/pydio-core-5-0-4/

============
Timeline:
============
October 13, 2013: Vulnerability identified
October 14, 2013: Vendor notified
October 14, 2013: Patch released
November 10, 2013: Disclosure
============
Research:
============
Craig Arendt (redfsec)
http://www.redfsec.com/CVE-2013-6227
