• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Xoops Custom Avatar Remote Arbitrary PHP File Upload Vulnerability

Bugtraq ID:	12754
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 08 2005 12:00AM
Updated:	Mar 08 2005 12:00AM
Credit:	Discovery of this vulnerability is credited to pokley <pokleyzz@scan-associates.net>.
Vulnerable:	Xoops Xoops 2.0.9 .2 Xoops Xoops 2.0.5 .2 Xoops Xoops 2.0.5 .1 Xoops Xoops 2.0.5 Xoops Xoops 2.0.3 Xoops Xoops 2.0.2 Xoops Xoops 2.0.1 Xoops Xoops 2.0 Xoops Xoops 1.3.10 Xoops Xoops 1.3.9 Xoops Xoops 1.3.8 Xoops Xoops 1.3.7 Xoops Xoops 1.3.6 Xoops Xoops 1.3.5 Xoops Xoops 1.0 RC1 Xoops Xoops 1.0 RC3.0.5 Xoops Xoops 1.0 RC3
Not Vulnerable:	Xoops Xoops 2.0.9 .3