CVE-2006-5258

Sažetak

The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0306.html
http://editor.asbrusoft.com/page.php/id=727
http://secunia.com/advisories/22344
http://secunia.com/advisories/22353
http://secunia.com/advisories/22472
http://wcm.asbrusoft.com/page.php/id=791
http://www.securityfocus.com/bid/20544
http://www.vupen.com/english/advisories/2006/4004
http://www.vupen.com/english/advisories/2006/4060
http://www.vupen.com/english/advisories/2006/4061

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-06-2011 - 04:00

Objavljeno

12-10-2006 - 22:07