Lucene search

[email protected]CVE-2006-1175

HistoryMay 31, 2006 - 10:06 a.m.

CVE-2006-1175

2006-05-3110:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1175

weonlydo

sftp

activex

control

remote attackers

file access

nvd

6.9 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page.

CPENameOperatorVersion
weonlydo:weonlydo_sftpweonlydo weonlydo sftpeq*

CPE	Name	Operator	Version
weonlydo:weonlydo_sftp	weonlydo weonlydo sftp	eq	*

References

secunia.com/advisories/20361

www.kb.cert.org/vuls/id/378604

www.securityfocus.com/bid/18192

www.vupen.com/english/advisories/2006/2064

exchange.xforce.ibmcloud.com/vulnerabilities/26752

6.9 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for CVE-2006-1175

nessus1 prion1 cert1