Lucene search

MitreCVE-2006-2693

HistoryMay 31, 2006 - 10:06 a.m.

CVE-2006-2693

2006-05-3110:06:00

mitre

web.nvd.nist.gov

cve

2006

2693

directory traversal

vulnerability

nivisec hacks list

phpbb

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.016

Percentile

87.8%

JSON

Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a “…” in the phpEx parameter.

Affected configurations

Nvd

Node

nivisechacks_listRange≤1.20

VendorProductVersionCPE
nivisechacks_list*cpe:2.3:a:nivisec:hacks_list:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nivisec	hacks_list	*	cpe:2.3:a:nivisec:hacks_list::::::::

References

secunia.com/advisories/20359

www.nivisec.com/article.php?l=vi&ar=15

www.nukedx.com/?viewdoc=37

www.securityfocus.com/archive/1/435285/100/0/threaded

www.securityfocus.com/bid/18162

www.vupen.com/english/advisories/2006/2034

exchange.xforce.ibmcloud.com/vulnerabilities/26840

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.016

Percentile

87.8%

JSON

Related for CVE-2006-2693