CVE-2006-2405
7.6 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.014 Low
EPSS
Percentile
86.4%
Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via … (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.
References
newsboard.unclassified.de/forum/post/6499
retrogod.altervista.org/unb_161p1_incl_xpl.html
secunia.com/advisories/20090
securityreason.com/securityalert/899
www.osvdb.org/25494
www.securityfocus.com/archive/1/433686/100/0/threaded
www.securityfocus.com/bid/17947
www.vupen.com/english/advisories/2006/1782
exchange.xforce.ibmcloud.com/vulnerabilities/26507
Related
7.6 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.014 Low
EPSS
Percentile
86.4%