Vulnerabilities > CVE-2006-3830 - Remote Security vulnerability in Boastmachine

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

kailash-nadh

NVD

Published: 2006-07-25

Updated: 2008-09-05

Summary

The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.

Vulnerable Configurations

Part	Description	Count
Application	Kailash_Nadh Kailash Nadh Boastmachine 2.5 Kailash Nadh Boastmachine 2.7 Kailash Nadh Boastmachine 2.8 Kailash Nadh Boastmachine 2.9B Kailash Nadh Boastmachine 3.1	5

Summary

Vulnerable Configurations

References