Lucene search

[email protected]CVE-2006-0371

HistoryJan 22, 2006 - 8:03 p.m.

CVE-2006-0371

2006-01-2220:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0371

directory traversal

vulnerability

noah medling rcblog 1.03

index.php

remote attack

arbitrary files

.txt files

administrator account

password

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.8%

JSON

Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator’s account name and password, via a … (dot dot) in the post parameter.

CPENameOperatorVersion
noah_medling:rcblognoah medling rcblogeq1.03

CPE	Name	Operator	Version
noah_medling:rcblog	noah medling rcblog	eq	1.03

References

evuln.com/vulns/42/summary.html

secunia.com/advisories/18547

securitytracker.com/id?1015523

www.fluffington.com/index.php?page=rcblog

www.osvdb.org/22680

www.securityfocus.com/archive/1/422499/100/0/threaded

www.securityfocus.com/archive/1/425392/100/0/threaded

www.securityfocus.com/archive/1/436784/30/4500/threaded

www.securityfocus.com/bid/16342

exchange.xforce.ibmcloud.com/vulnerabilities/24248

exchange.xforce.ibmcloud.com/vulnerabilities/27042

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.8%

JSON

Related for CVE-2006-0371

prion1 nessus1 openvas2