Lucene search

[email protected]CVE-2006-0702

HistoryFeb 15, 2006 - 11:06 a.m.

CVE-2006-0702

2006-02-1511:06:00

[email protected]

web.nvd.nist.gov

nvd

cve

admin

upload.php

imagevue 16.1

remote attackers

arbitrary files

allowed folders

directory traversal

vulnerability

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.052 Low

EPSS

Percentile

93.0%

JSON

admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via … (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal.

Affected configurations

NVD

Node

imagevueimagevueMatch0.16.1

CPENameOperatorVersion
imagevue:imagevueimagevueeq0.16.1

CPE	Name	Operator	Version
imagevue:imagevue	imagevue	eq	0.16.1

References

secunia.com/advisories/18802

www.securityfocus.com/archive/1/424745/30/0/threaded

www.securityfocus.com/bid/16594

www.vupen.com/english/advisories/2006/0570

exchange.xforce.ibmcloud.com/vulnerabilities/24633

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.052 Low

EPSS

Percentile

93.0%

JSON

Related for CVE-2006-0702

cvelist1 nvd1 nessus1 prion1