ID CVE-2006-6512Type cveReporter NVDModified 2018-10-17T17:49:02
Description
Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes ("%2F") in the path parameter.
{"id": "CVE-2006-6512", "bulletinFamily": "NVD", "title": "CVE-2006-6512", "description": "Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes (\"%2F\") in the path parameter.", "published": "2006-12-13T20:28:00", "modified": "2018-10-17T17:49:02", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6512", "reporter": "NVD", "references": ["http://www.vupen.com/english/advisories/2006/4935", "http://www.securityfocus.com/archive/1/454059/100/0/threaded", "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051217.html", "http://aluigi.altervista.org/adv/wawix-adv.txt", "http://securityreason.com/securityalert/2032", "http://securitytracker.com/id?1017362", "https://exchange.xforce.ibmcloud.com/vulnerabilities/30827"], "cvelist": ["CVE-2006-6512"], "type": "cve", "lastseen": "2018-10-18T15:05:38", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:flippet.org:winamp_web_interface:7.5.13"], "cvelist": ["CVE-2006-6512"], "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes (\"%2F\") in the path parameter.", "edition": 2, "enchantments": {"score": {"modified": "2017-07-29T11:21:43", "value": 5.0, "vector": "NONE"}}, "hash": "97a028f298ec88b9586612dc92fd537ecd6837191f6a5d817470e26cf2716bd3", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "c36eaf3491a89313d92520af001c1e58", "key": "cvelist"}, {"hash": "57eb44ced8148c335b4eae011a6ec02b", "key": "references"}, {"hash": "db11541b734967cca30dd6f3e370cdfa", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "87b57f305aed3d1ab70a4e2f79bcf6cd", "key": "cpe"}, {"hash": "817c48b09eed32a4f6f933f2618f4d36", "key": "modified"}, {"hash": "8184ae8f9f62d93cfef76a07b8a055be", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d93304deae10baffb6ffd4dfe11d11fc", "key": "title"}, {"hash": "51a4efd60fab081a9db96a5399b29260", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "d690975af5650821d5d1dbc56dc2bc47", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6512", "id": "CVE-2006-6512", "lastseen": "2017-07-29T11:21:43", "modified": "2017-07-28T21:29:34", "objectVersion": "1.3", "published": "2006-12-13T20:28:00", "references": ["http://www.vupen.com/english/advisories/2006/4935", "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051217.html", "http://aluigi.altervista.org/adv/wawix-adv.txt", "http://www.securityfocus.com/archive/1/archive/1/454059/100/0/threaded", "http://securityreason.com/securityalert/2032", "http://securitytracker.com/id?1017362", "https://exchange.xforce.ibmcloud.com/vulnerabilities/30827"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-6512", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-29T11:21:43"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:flippet.org:winamp_web_interface:7.5.13"], "cvelist": ["CVE-2006-6512"], "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes (\"%2F\") in the path parameter.", "edition": 1, "enchantments": {}, "hash": "121b11dfb4c3e3815e2a22d4601cc9c1f88937398cebf701a7319b9e241cbd4f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "c36eaf3491a89313d92520af001c1e58", "key": "cvelist"}, {"hash": "db11541b734967cca30dd6f3e370cdfa", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "053dbb8b458c41f79568f6ae8c9d9b87", "key": "modified"}, {"hash": "87b57f305aed3d1ab70a4e2f79bcf6cd", "key": "cpe"}, {"hash": "8184ae8f9f62d93cfef76a07b8a055be", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d93304deae10baffb6ffd4dfe11d11fc", "key": "title"}, {"hash": "51a4efd60fab081a9db96a5399b29260", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "d690975af5650821d5d1dbc56dc2bc47", "key": "href"}, {"hash": "587da1227716879295afe2625826c28a", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6512", "id": "CVE-2006-6512", "lastseen": "2016-09-03T08:01:00", "modified": "2011-03-07T21:46:10", "objectVersion": "1.2", "published": "2006-12-13T20:28:00", "references": ["http://www.vupen.com/english/advisories/2006/4935", "http://xforce.iss.net/xforce/xfdb/30827", "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051217.html", "http://aluigi.altervista.org/adv/wawix-adv.txt", "http://www.securityfocus.com/archive/1/archive/1/454059/100/0/threaded", "http://securityreason.com/securityalert/2032", "http://securitytracker.com/id?1017362"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-6512", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T08:01:00"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "87b57f305aed3d1ab70a4e2f79bcf6cd"}, {"key": "cvelist", "hash": "c36eaf3491a89313d92520af001c1e58"}, {"key": "cvss", "hash": "8184ae8f9f62d93cfef76a07b8a055be"}, {"key": "description", "hash": "db11541b734967cca30dd6f3e370cdfa"}, {"key": "href", "hash": "d690975af5650821d5d1dbc56dc2bc47"}, {"key": "modified", "hash": "bc90dcd42aad6fe72cb3f92650ee6bff"}, {"key": "published", "hash": "51a4efd60fab081a9db96a5399b29260"}, {"key": "references", "hash": "24439eca5301b303ff783f95162e4927"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "d93304deae10baffb6ffd4dfe11d11fc"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "0ca928cbf00b5236517c3665c7b43281553127e0ab301a45f8c4bed05b99bd4a", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-10-18T15:05:38"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:flippet.org:winamp_web_interface:7.5.13"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"osvdb": [{"lastseen": "2017-04-28T13:20:28", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.flippet.org/wawi/\nSecurity Tracker: 1017362\n[Secunia Advisory ID:23292](https://secuniaresearch.flexerasoftware.com/advisories/23292/)\n[Related OSVDB ID: 31907](https://vulners.com/osvdb/OSVDB:31907)\n[Related OSVDB ID: 31906](https://vulners.com/osvdb/OSVDB:31906)\n[Related OSVDB ID: 31905](https://vulners.com/osvdb/OSVDB:31905)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-12/0195.html\nISS X-Force ID: 30827\nFrSIRT Advisory: ADV-2006-4935\n[CVE-2006-6512](https://vulners.com/cve/CVE-2006-6512)\n", "edition": 1, "reporter": "OSVDB", "published": "2006-12-10T06:03:53", "title": "WAWI /browse Interface Traversal Arbitrary File Access", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2006-6512"], "modified": "2006-12-10T06:03:53", "href": "https://vulners.com/osvdb/OSVDB:31904", "id": "OSVDB:31904", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}]}
