Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3088 | 1 Ibm | 1 Sametime Meeting Server | 2017-01-06 | 5.5 MEDIUM | N/A |
stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload. |