Search...

CVE-2006-4490

2006-08-31T18:04:00

ID CVE-2006-4490
Type cve
Reporter NVD
Modified 2017-07-19T21:33:07

Description

Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe.

JSON Vulners Source

Initial Source

{"id": "CVE-2006-4490", "bulletinFamily": "NVD", "title": "CVE-2006-4490", "description": "Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe.", "published": "2006-08-31T18:04:00", "modified": "2017-07-19T21:33:07", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4490", "reporter": "NVD", "references": ["http://jvn.jp/jp/JVN%2390420168/index.html", "http://vuln.sg/cybozu-en.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/28591", "http://securitytracker.com/id?1016759", "http://cybozu.co.jp/products/dl/notice_060825/"], "cvelist": ["CVE-2006-4490"], "type": "cve", "lastseen": "2017-07-20T10:49:30", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:cybozu:cybozu_office:6.6_build_1.2", "cpe:/a:cybozu:share_360:2.5_build_0.2"], "cvelist": ["CVE-2006-4490"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe.", "edition": 1, "enchantments": {}, "hash": "8f8e8de450d0159f8a048695f4360fe4682de39a70d3fa51a0c050ca1e1a73d3", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "157e5d812cf4a9f334dc4ea56a0b8722", "key": "cvelist"}, {"hash": "eb60ef94d16fb837ff4e0dd5209688f8", "key": "href"}, {"hash": "d51ef32ed9f96cdaef2754a447c9af65", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e7ce9503559c5f0bf4e56dc3da9a8a22", "key": "cpe"}, {"hash": "1422e229756945bbf242f95d5801c420", "key": "modified"}, {"hash": "4ea5bd985100720f807de986e79e48b8", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "129356b78df2e04c751f6dc07c6aedfd", "key": "title"}, {"hash": "f7a65b9f0f8363c11b2c0139020baf08", "key": "references"}, {"hash": "4a5c71f1b4556bc8284e8d13ef1b6601", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4490", "id": "CVE-2006-4490", "lastseen": "2016-09-03T07:29:04", "modified": "2008-11-11T01:28:16", "objectVersion": "1.2", "published": "2006-08-31T18:04:00", "references": ["http://xforce.iss.net/xforce/xfdb/28591", "http://jvn.jp/jp/JVN%2390420168/index.html", "http://vuln.sg/cybozu-en.html", "http://securitytracker.com/id?1016759", "http://cybozu.co.jp/products/dl/notice_060825/"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-4490", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T07:29:04"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e7ce9503559c5f0bf4e56dc3da9a8a22"}, {"key": "cvelist", "hash": "157e5d812cf4a9f334dc4ea56a0b8722"}, {"key": "cvss", "hash": "d51ef32ed9f96cdaef2754a447c9af65"}, {"key": "description", "hash": "4ea5bd985100720f807de986e79e48b8"}, {"key": "href", "hash": "eb60ef94d16fb837ff4e0dd5209688f8"}, {"key": "modified", "hash": "e2fe57aa27c56dea0b776610d63d71cd"}, {"key": "published", "hash": "4a5c71f1b4556bc8284e8d13ef1b6601"}, {"key": "references", "hash": "063d265b074f05633af026f24808bb3d"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "129356b78df2e04c751f6dc07c6aedfd"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "5b2345e22fda3926f90dc505df2d96aa7378a4eaa233d6f1d1512b19544498fe", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:cybozu:cybozu_office:6.6_build_1.2", "cpe:/a:cybozu:share_360:2.5_build_0.2"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"result": {"osvdb": [{"id": "OSVDB:28261", "type": "osvdb", "title": "Cybozu Share360 s360.exe id Variable Traversal Arbitrary File Access", "description": "## Vulnerability Description\nShare360 contains a flaw that allows a remote attacker to retrieve files from the file cabinet or retrieve attachments from a received message or memo. The issue is due to the s360.exe script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'id' variable.\n## Technical Description\nSuccessful exploitation requires a valid user account.\n## Solution Description\nUpgrade to version 2.5 (Build 0.3) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nShare360 contains a flaw that allows a remote attacker to retrieve files from the file cabinet or retrieve attachments from a received message or memo. The issue is due to the s360.exe script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'id' variable.\n## Manual Testing Notes\nhttp://[target]/scripts/s360v2/s360.exe?page=FileDownload&\nid=../../../../../../../../../../inetpub/scripts/s360v2/s360v2/data/admin&type=text&subtype=plain&ct=1&.txt\n\nhttp://[target]/scripts/s360v2/s360.exe?page=MessageDownload&mid=37&\nid=../../../../../../../../../../inetpub/scripts/s360v2/s360v2/data/admin&bc=1&type=text&subtype=plain&ct=1&.txt\n## References:\nVendor URL: http://cybozu.co.jp/\n[Vendor Specific Advisory URL](http://cybozu.co.jp/products/dl/notice_060825/)\n[Secunia Advisory ID:21618](https://secuniaresearch.flexerasoftware.com/advisories/21618/)\nOther Advisory URL: http://vuln.sg/cybozu-en.html\n[CVE-2006-4490](https://vulners.com/cve/CVE-2006-4490)\n", "published": "2006-08-28T06:19:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:28261", "cvelist": ["CVE-2006-4490"], "lastseen": "2017-04-28T13:20:24"}, {"id": "OSVDB:28262", "type": "osvdb", "title": "Cybozu Multiple Product ag.exe id Variable Traversal Arbitrary File Access", "description": "## Vulnerability Description\nCybozu Office contains a flaw that allows a remote attacker to download arbitrary files via directory traversal attacks. The issue is due to the ag.exe not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'id' variable.\n## Solution Description\nUpgrade to Office version 6.6 (Build 1.3) or higher, AG version 1.2 (1.5) or higher, AG Pocket 5.2 (0.8) or higher, Garoon 1.5 (4.1) or higher, or Mailwise 3.0 (0.3) or higeher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nCybozu Office contains a flaw that allows a remote attacker to download arbitrary files via directory traversal attacks. The issue is due to the ag.exe not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'id' variable.\n## Manual Testing Notes\nhttp://[target]/scripts/cbag/ag.exe?page=FileDownload&\nid=../../../../../../../../../../../../../inetpub/scripts/cbag/cb5/data/admin&notimecard=1&type=text&subtype=html&ct=1\n## References:\nVendor URL: http://collaborex.cybozu.co.jp/\nVendor URL: http://cybozu.co.jp/\n[Vendor Specific Advisory URL](http://cybozu.co.jp/products/dl/notice_060825/)\n[Secunia Advisory ID:21623](https://secuniaresearch.flexerasoftware.com/advisories/21623/)\n[Secunia Advisory ID:21656](https://secuniaresearch.flexerasoftware.com/advisories/21656/)\n[Secunia Advisory ID:21638](https://secuniaresearch.flexerasoftware.com/advisories/21638/)\n[Related OSVDB ID: 28263](https://vulners.com/osvdb/OSVDB:28263)\nOther Advisory URL: http://vuln.sg/cybozu-en.html\n[CVE-2006-4490](https://vulners.com/cve/CVE-2006-4490)\n[CVE-2006-4491](https://vulners.com/cve/CVE-2006-4491)\n", "published": "2006-08-28T06:33:59", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:28262", "cvelist": ["CVE-2006-4490", "CVE-2006-4491"], "lastseen": "2017-04-28T13:20:24"}], "exploitdb": [{"id": "EDB-ID:2266", "type": "exploitdb", "title": "Cybozu Products id Arbitrary File Retrieval Vulnerability", "description": "Cybozu Products (id) Arbitrary File Retrieval Vulnerability. CVE-2006-4490. Webapps exploit for cgi platform", "published": "2006-08-28T00:00:00", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/2266/", "cvelist": ["CVE-2006-4490"], "lastseen": "2016-01-31T15:53:10"}]}}