CVE-2006-3102
published 2006-06-21CVE-2006-3102: Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP…
PriorityP342medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
8.30%
94.2th percentile
Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitweaver | bitweaver | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Bitweaver 1.3 - 'tmpImagePath' Attachment mod_mime
exploitdb·2006-06-15
CVE-2006-3105 Bitweaver 1.3 - 'tmpImagePath' Attachment mod_mime
Bitweaver 1.3 - 'tmpImagePath' Attachment mod_mime
---
#!/usr/bin/php -q -d short_open_tag=on
mErrors['article_image'] = "Error during attachment of article image";
} else {
$resizeFunc = ( $gBitSystem->getPreference( 'image_processor' ) == 'imagick' ) ? 'liberty_imagick_resize_image' : 'liberty_gd_resize_image';
$pFileHash['source_file'] = $tmpImagePath;
$pFileHash['dest_path'] = TEMP_PKG_NAME.'/'.ARTICLES_PKG_NAME.'/';
// remove the extension
$pFileHash['dest_base_name'] = $tmpImageName;
$pFileHash['max_width'] = ARTICLE_TOPIC_THUMBNAIL_SIZE;
$pFileHash['max_height'] = ARTICLE_TOPIC_THUMBNAIL_SIZE;
$pFileHash['type'] = $_FILES['article_image']['type'];
if( !( $resizeFunc( $pFileHash ) ) ) {
$this->mErrors[] = 'Error while resizing article image';
}
@unlink( $tmpImagePath );
...
explai
Exploit-DB
Isode M-Vault Server 11.3 - LDAP Memory Corruption
exploitdb·2006-02-14
CVE-2006-0710 Isode M-Vault Server 11.3 - LDAP Memory Corruption
Isode M-Vault Server 11.3 - LDAP Memory Corruption
---
source: https://www.securityfocus.com/bid/16635/info
Isode M-Vault Server is prone to a memory corruption. This issue may be triggered by malformed LDAP data.
The exact impact of this vulnerability is not known at this time. Although the issue is known to crash the server, the possibility of remote code execution is unconfirmed.
The vulnerability was reported for version 11.3 on the Linux platform; other versions and platforms may also be affected.
This vulnerability will be updated as further information is made available.
./run.py localhost 389 3102 1
No writeups or analysis indexed.
http://retrogod.altervista.org/bitweaver_13_xpl.htmlhttp://secunia.com/advisories/20695http://securityreason.com/securityalert/1115http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358http://www.bitweaver.org/articles/45http://www.osvdb.org/26587http://www.securityfocus.com/archive/1/437491/100/0/threadedhttp://www.vupen.com/english/advisories/2006/2405https://exchange.xforce.ibmcloud.com/vulnerabilities/27215https://www.exploit-db.com/exploits/1918http://retrogod.altervista.org/bitweaver_13_xpl.htmlhttp://secunia.com/advisories/20695http://securityreason.com/securityalert/1115http://sourceforge.net/project/shownotes.php?release_id=336854&group_id=141358http://www.bitweaver.org/articles/45http://www.osvdb.org/26587http://www.securityfocus.com/archive/1/437491/100/0/threadedhttp://www.vupen.com/english/advisories/2006/2405https://exchange.xforce.ibmcloud.com/vulnerabilities/27215https://www.exploit-db.com/exploits/1918
2006-06-21
Published