Remote Code Execution Vulnerability in EyeOS by EyeOS
CVE-2006-6556

Currently unrated

Key Information:

Vendor: Eyeos
Status: Eyeos
Vendor: CVE Published:; 14 December 2006

What is CVE-2006-6556?

The EyeHome function in EyeOS versions before 0.9.3-3 is susceptible to a vulnerability that allows remote attackers to upload and execute arbitrary code. This issue arises because the system does not properly handle file extensions that contain uppercase letters, thereby bypassing its cleansing mechanism. As a result, malicious actors can exploit this loophole by manipulating file uploads, potentially leading to unauthorized access and execution of harmful scripts.

References

http://eyeos.blogspot.com/2006/12/eyeos-093-4-released-we...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/30844

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/21639

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2006
Vulnerability Reserved
Dec 14, 2006

CVE-2006-6556 Data

JSON

Eyeos

What is CVE-2006-6556?

References

Timeline