CVE-2006-2428 Information

Description

add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions such as ASP files probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information since the raw source is vague.

Reference

http://secunia.com/advisories/20102 http://securityreason.com/securityalert/911 http://www.securityfocus.com/archive/1/433894/100/0/threaded http://www.securityfocus.com/bid/17993 http://www.vupen.com/english/advisories/2006/1825 https://exchange.xforce.ibmcloud.com/vulnerabilities/26457