CVE-2006-6994
Indirmax.org Ozzywork Galeri < 2.0 - Unrestricted File Upload
Title source: ruleDescription
Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26365
Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=114723238307299&w=2
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25427
Broken Link, Not Applicable vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1768
Broken Link, Permissions Required third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20049
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17946
Scores
EPSS
0.0130
EPSS Percentile
79.8%
Details
CWE
CWE-434
Status
published
Products (1)
indirmax.org/ozzywork_galeri
< 2.0
Published
Feb 12, 2007
Tracked Since
Feb 18, 2026