ID CVE-2006-2693Type cveReporter NVDModified 2017-07-19T21:31:41
Description
Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a ".." in the phpEx parameter.
{"id": "CVE-2006-2693", "bulletinFamily": "NVD", "title": "CVE-2006-2693", "description": "Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a \"..\" in the phpEx parameter.", "published": "2006-05-31T06:06:00", "modified": "2017-07-19T21:31:41", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2693", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/18162", "http://www.vupen.com/english/advisories/2006/2034", "https://exchange.xforce.ibmcloud.com/vulnerabilities/26840", "http://www.nivisec.com/article.php?l=vi&ar=15", "http://www.nukedx.com/?viewdoc=37", "http://www.securityfocus.com/archive/1/archive/1/435285/100/0/threaded"], "cvelist": ["CVE-2006-2693"], "type": "cve", "lastseen": "2017-07-20T10:49:19", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:nivisec:hacks_list:1.20"], "cvelist": ["CVE-2006-2693"], "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "description": "Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a \"..\" in the phpEx parameter.", "edition": 1, "enchantments": {}, "hash": "ce179e42f3ef9ed8e138892bcb59a9d48a91e532adf7923cf6344c5b34b00cda", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "ffc0e0fbc6d01a73f26771c583cbed93", "key": "href"}, {"hash": "8f9daa020ac43cf2982f413564985f77", "key": "cvelist"}, {"hash": "cb64ff3daa1021fc59b67b096cabd777", "key": "description"}, {"hash": "f5489ff11159317c31af345e3c8d74f9", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "3a1fe98d3a825924264b453336e6cc3c", "key": "title"}, {"hash": "5a5b8f780ca18e40483fe53be6927ab1", "key": "cvss"}, {"hash": "87c4da41926347222dc7ed1c797bbfe8", "key": "cpe"}, {"hash": "94ed1941b60d6c1b0b401cfabdd74e34", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "7b1e419c15014e632e18321cb6261188", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2693", "id": "CVE-2006-2693", "lastseen": "2016-09-03T07:01:00", "modified": "2011-03-07T21:36:47", "objectVersion": "1.2", "published": "2006-05-31T06:06:00", "references": ["http://www.securityfocus.com/bid/18162", "http://www.vupen.com/english/advisories/2006/2034", "http://xforce.iss.net/xforce/xfdb/26840", "http://www.nivisec.com/article.php?l=vi&ar=15", "http://www.nukedx.com/?viewdoc=37", "http://www.securityfocus.com/archive/1/archive/1/435285/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-2693", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T07:01:00"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "87c4da41926347222dc7ed1c797bbfe8"}, {"key": "cvelist", "hash": "8f9daa020ac43cf2982f413564985f77"}, {"key": "cvss", "hash": "5a5b8f780ca18e40483fe53be6927ab1"}, {"key": "description", "hash": "cb64ff3daa1021fc59b67b096cabd777"}, {"key": "href", "hash": "ffc0e0fbc6d01a73f26771c583cbed93"}, {"key": "modified", "hash": "a598a3111bda5d7fbace4d87b1297036"}, {"key": "published", "hash": "f5489ff11159317c31af345e3c8d74f9"}, {"key": "references", "hash": "3c6c70f17066b15d8346ff2f6a05ad08"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "3a1fe98d3a825924264b453336e6cc3c"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b39fde3716af2a897d0d1b9697af221c46d1ebd63f4d7bf822a9df404d723de2", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:nivisec:hacks_list:1.20"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"osvdb": [{"id": "OSVDB:25822", "type": "osvdb", "title": "Nivisec Hacks List for phpBB admin_hacks_list.php phpEx Variable Traversal Arbitrary File Access", "description": "## Manual Testing Notes\nhttp://[victim]/[phpBB]/admin/admin_hacks_list.php?setmodules=1&board_config[default_lang]=english&phpEx=../../../../../../../../etc/passwd\n## References:\nVendor URL: http://www.nivisec.com/\n[Secunia Advisory ID:20359](https://secuniaresearch.flexerasoftware.com/advisories/20359/)\nOther Advisory URL: http://www.nukedx.com/?viewdoc=37\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0708.html\nFrSIRT Advisory: ADV-2006-2034\n[CVE-2006-2693](https://vulners.com/cve/CVE-2006-2693)\nBugtraq ID: 18162\n", "published": "2006-05-28T09:49:35", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:25822", "cvelist": ["CVE-2006-2693"], "lastseen": "2017-04-28T13:20:22"}]}}
