Lucene search

[email protected]CVE-2006-1762

HistoryApr 13, 2006 - 1:06 a.m.

CVE-2006-1762

2006-04-1301:06:00

[email protected]

web.nvd.nist.gov

cve-2006-1762

directory traversal

remote attackers

arbitrary files

xss

path disclosure

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.1%

JSON

Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values.

Affected configurations

NVD

Node

blursoftblur6exMatch0.3.462

CPENameOperatorVersion
blursoft:blur6exblursoft blur6exeq0.3.462

CPE	Name	Operator	Version
blursoft:blur6ex	blursoft blur6ex	eq	0.3.462

References

www.attrition.org/pipermail/vim/2006-April/000691.html

www.securityfocus.com/archive/1/430607/100/0/threaded

www.securityfocus.com/archive/1/430885/100/0/threaded

www.securityfocus.com/archive/1/491565/100/0/threaded

www.securityfocus.com/bid/17465

exchange.xforce.ibmcloud.com/vulnerabilities/25758

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.1 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.1%

JSON

Related for CVE-2006-1762

nvd1 prion1 cvelist1