The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3001)