MidnightBSD

Advisories for opentools

CVE-2004-1399 MEDIUM

Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. (dot dot) in the filename.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opentools attachment_mod 2.3.5
opentools attachment_mod 2.3.10
opentools attachment_mod 2.3.6
opentools attachment_mod 2.3.8
opentools attachment_mod 2.3.4
opentools attachment_mod 2.3.7
opentools attachment_mod 2.3.9
CVE-2004-1404 HIGH

Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opentools attachment_mod 2.3.5
opentools attachment_mod 2.3.10
opentools attachment_mod 2.3.6
opentools attachment_mod 2.3.8
opentools attachment_mod 2.3.4
opentools attachment_mod 2.3.7
opentools attachment_mod 2.3.9
CVE-2005-1630 HIGH

Unknown vulnerability in Attachment Mod before 2.3.13, related to a "serious issue with realnames," has unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opentools attachment_mod 2.3.5
opentools attachment_mod 2.3.11
opentools attachment_mod 2.3.10
opentools attachment_mod 2.3.6
opentools attachment_mod 2.3.8
opentools attachment_mod 2.3.12
opentools attachment_mod 2.3.4
opentools attachment_mod 2.3.7
opentools attachment_mod 2.3.9