Lucene search

[email protected]CVE-2006-7086

HistoryMar 02, 2007 - 9:18 p.m.

CVE-2006-7086

2007-03-0221:18:00

CWE-200

[email protected]

web.nvd.nist.gov

information security

hot links

vulnerability

remote attackers

sensitive information

database

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%

JSON

The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.

Affected configurations

NVD

Node

mrcgiguyhot_linksMatch-

CPENameOperatorVersion
mrcgiguy:hot_linksmrcgiguy hot linkseq-

CPE	Name	Operator	Version
mrcgiguy:hot_links	mrcgiguy hot links	eq	-

References

marc.info/?l=bugtraq&m=116370290529916&w=2

marc.info/?l=bugtraq&m=116373064308228&w=2

secunia.com/advisories/22970

www.securityfocus.com/bid/21112

www.vupen.com/english/advisories/2006/4585

exchange.xforce.ibmcloud.com/vulnerabilities/30340

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%

JSON

Related for CVE-2006-7086

nvd1 cvelist1