<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3447" target="_blank">CVE</a>)</em> : Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during a short time window.

Upgrade to version 2008.2.5.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2009-3447 (see also: NVD)
• Secunia Advisory ID: 23807
• Related OSVDB ID: 58194 58195 58196
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2009-09/0160.html
• Vendor URL: http://i-load.radactive.com/
• Vendor Specific Advisory URL: http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339
• Other Advisory URL: https://www.sec-consult.com/files/20090917-0_RADactive_I-Load_Multiple_Vulnerabilities.txt

• Stefan Streichsbier - researchsec-consult.com - SEC Consult