CVE-2006-0371

Sažetak

Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter.

Reference

http://evuln.com/vulns/42/summary.html
http://secunia.com/advisories/18547
http://securitytracker.com/id?1015523
http://www.fluffington.com/index.php?page=rcblog
http://www.osvdb.org/22680
http://www.securityfocus.com/archive/1/422499/100/0/threaded
http://www.securityfocus.com/archive/1/425392/100/0/threaded
http://www.securityfocus.com/archive/1/436784/30/4500/threaded
http://www.securityfocus.com/bid/16342
https://exchange.xforce.ibmcloud.com/vulnerabilities/24248
https://exchange.xforce.ibmcloud.com/vulnerabilities/27042

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:44

Objavljeno

22-01-2006 - 20:03