PT-2005-2002 · Ivt · Ivt Bluesoleil

Kevin Finisterre

Published

2005-04-05

Updated

2017-07-11

CVE-2005-0978

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IVT BlueSoleil version 1.4

Description The issue concerns a directory traversal vulnerability in the Object Push service. This vulnerability allows remote attackers to upload arbitrary files by utilizing a .. (dot dot) in a PUSH command.

Recommendations For IVT BlueSoleil version 1.4, consider restricting access to the Object Push service until a patch is available. As a temporary workaround, avoid using the PUSH command with untrusted input to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0978

Affected Products

Ivt Bluesoleil

PT-2005-2002 · Ivt · Ivt Bluesoleil

CVE-2005-0978

Related Identifiers

Affected Products

References · 7