Lucene search

[email protected]CVE-2006-6381

HistoryDec 07, 2006 - 9:28 p.m.

CVE-2006-6381

2006-12-0721:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-6381

directory traversal

ultimate helpdesk

vulnerability

nvd

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.9%

JSON

Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a … (dot dot) in the filename parameter.

CPENameOperatorVersion
ultimate_helpdesk:ultimate_helpdeskultimate helpdeskeq*

CPE	Name	Operator	Version
ultimate_helpdesk:ultimate_helpdesk	ultimate helpdesk	eq	*

References

secunia.com/advisories/23225

www.vupen.com/english/advisories/2006/4819

exchange.xforce.ibmcloud.com/vulnerabilities/30722

www.exploit-db.com/exploits/2881

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.9%

JSON