MidnightBSD

Advisories for walrus_digit

CVE-2011-1329 MEDIUM

WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
walrus_digit walrack 2.0.1
walrus_digit walrack 1.0.1
walrus_digit walrack 1.1.5
walrus_digit walrack 2.0.4
walrus_digit walrack 2.0.6
walrus_digit walrack 2.0.3
walrus_digit walrack 1.1.6
walrus_digit walrack 2.0.2
walrus_digit walrack 1.1.2
walrus_digit walrack 1.1.8
walrus_digit walrack 1.1.1
walrus_digit walrack 1.1.4
walrus_digit walrack 1.1.7
walrus_digit walrack 1.1.3
walrus_digit walrack 2.0.5
CVE-2011-2215 HIGH

Unspecified vulnerability in WalRack 1.x before 1.1.8 and 2.x before 2.0.6 has unknown impact and attack vectors, possibly related to file deletion and an encoded URL, a different vulnerability than CVE-2011-1329.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
walrus_digit walrack 2.0.1
walrus_digit walrack 1.0.1
walrus_digit walrack 1.1.5
walrus_digit walrack 2.0.4
walrus_digit walrack 2.0.3
walrus_digit walrack 1.1.6
walrus_digit walrack 2.0.2
walrus_digit walrack 1.1.2
walrus_digit walrack 1.1.1
walrus_digit walrack 1.1.4
walrus_digit walrack 1.1.7
walrus_digit walrack 1.1.3
walrus_digit walrack 2.0.5