Hosting Controller 7C FolderManager.ASPX Directory Traversal Vulnerability

{"bulletinFamily": "exploit", "id": "EDB-ID:29357", "cvelist": ["CVE-2006-6814"], "modified": "2006-12-27T00:00:00", "lastseen": "2016-02-03T10:07:30", "edition": 1, "sourceData": "source: http://www.securityfocus.com/bid/21786/info\r\n\r\nHosting Controller is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. \r\n\r\nAn attacker can exploit this issue to modify or retrieve arbitrary files in the context of the webserver process. This may aid in further attacks.\r\n\r\nThis issue affects version 7C; earlier versions may also be vulnerable.\r\n\r\nhttp://www.example.com/FolderManager/FolderManager.aspx?BrowseLevel=1&BrowsePath=[SITE NORMAL PATH]\\..\\..\\..\\..\\program%20files", "published": "2006-12-27T00:00:00", "href": "https://www.exploit-db.com/exploits/29357/", "osvdbidlist": ["32550"], "reporter": "KAPDA", "hash": "370121230bee035828be79516b6eb38056a2b507287198fcb03bf7fc4f70d3f4", "title": "Hosting Controller 7C FolderManager.ASPX Directory Traversal Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Hosting Controller 7C FolderManager.ASPX Directory Traversal Vulnerability. CVE-2006-6814. Webapps exploit for asp platform", "references": [], "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/29357/", "enchantments": {"vulnersScore": 6.3}}

{"result": {"cve": [{"id": "CVE-2006-6814", "type": "cve", "title": "CVE-2006-6814", "description": "Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\\ (dot dot backslash) sequences in the BrowsePath parameter.", "published": "2006-12-29T06:28:00", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6814", "cvelist": ["CVE-2006-6814"], "lastseen": "2016-09-03T08:05:33"}], "seebug": [{"id": "SSV-82866", "type": "seebug", "title": "Hosting Controller 7C FolderManager. ASPX Directory Traversal Vulnerability", "description": "Summary: \nHosting Controller 7c of the FolderManager/FolderManager. aspx there is a directory traversal vulnerability, the Remote Authentication of users through the BrowsePath parameter is within a..\\\\(dot dot backslash)sequences to read and modify any of the file lists of arbitrary directories.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-82866", "cvelist": ["CVE-2006-6814"], "lastseen": "2016-07-29T16:52:48"}], "osvdb": [{"id": "OSVDB:32550", "type": "osvdb", "title": "Hosting Controller FolderManager/FolderManager.aspx BrowsePath Variable Traversal Arbitrary File Access", "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1017447\n[Secunia Advisory ID:23585](https://secuniaresearch.flexerasoftware.com/advisories/23585/)\nOther Advisory URL: http://www.kapda.ir/advisory-458.html\nFrSIRT Advisory: ADV-2007-0023\n[CVE-2006-6814](https://vulners.com/cve/CVE-2006-6814)\nBugtraq ID: 21786\n", "published": "2006-12-26T04:33:57", "cvss": {"score": 6.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:32550", "cvelist": ["CVE-2006-6814"], "lastseen": "2017-04-28T13:20:28"}]}}