Candidate: CVE-2012-2670
PublicDate: 2012-06-17 03:41:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2670
 http://www.securityfocus.com/archive/1/522973/30/0/threaded
 http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html
 http://www.collabtive.o-dyn.de/blog/?p=426
Description:
 manageuser.php in Collabtive before 0.7.6 allows remote authenticated
 users, and possibly unauthenticated attackers, to bypass intended access
 restrictions and upload and execute arbitrary files by uploading an avatar
 file with an accepted Content-Type such as image/jpeg, then accessing it
 via a direct request to the file in files/standard/avatar.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676311
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_collabtive:
upstream_collabtive: released (0.7.6-1)
hardy_collabtive: DNE
lucid_collabtive: DNE
natty_collabtive: DNE
oneiric_collabtive: ignored (reached end-of-life)
precise_collabtive: ignored (reached end-of-life)
precise/esm_collabtive: DNE (precise was needed)
quantal_collabtive: not-affected (0.7.6-1)
raring_collabtive: not-affected (0.7.6-1)
saucy_collabtive: not-affected (0.7.6-1)
trusty_collabtive: not-affected (0.7.6-1)
trusty/esm_collabtive: DNE (trusty was not-affected [0.7.6-1])
utopic_collabtive: not-affected (0.7.6-1)
vivid_collabtive: not-affected (0.7.6-1)
vivid/stable-phone-overlay_collabtive: DNE
vivid/ubuntu-core_collabtive: DNE
wily_collabtive: not-affected (0.7.6-1)
xenial_collabtive: not-affected (0.7.6-1)
yakkety_collabtive: not-affected (0.7.6-1)
zesty_collabtive: DNE
devel_collabtive: DNE