Lucene search

[email protected]CVE-2006-2428

HistoryMay 17, 2006 - 10:06 a.m.

CVE-2006-2428

2006-05-1710:06:00

CWE-434

[email protected]

web.nvd.nist.gov

cve-2006-2428

duware

dubanner

remote code execution

add.asp

arbitrary code execution

asp files

bypassing client-side enforcement

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.3%

JSON

add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague.

Affected configurations

NVD

Node

duware_dubanner_projectduware_dubannerMatch3.1

CPENameOperatorVersion
duware_dubanner_project:duware_dubannerduware dubanner project duware dubannereq3.1

CPE	Name	Operator	Version
duware_dubanner_project:duware_dubanner	duware dubanner project duware dubanner	eq	3.1

References

secunia.com/advisories/20102

securityreason.com/securityalert/911

www.securityfocus.com/archive/1/433894/100/0/threaded

www.securityfocus.com/bid/17993

www.vupen.com/english/advisories/2006/1825

exchange.xforce.ibmcloud.com/vulnerabilities/26457

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.3%

JSON

Related for CVE-2006-2428

prion1 nvd1 cvelist1