CVE-2006-4169
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
80.4%
Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a β¦ (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| squirrelmail | gpg_plugin | 2.0 | cpe:2.3:a:squirrelmail:gpg_plugin:2.0:*:*:*:*:*:*:* |
| squirrelmail | gpg_plugin | 2.1_dev | cpe:2.3:a:squirrelmail:gpg_plugin:2.1_dev:*:*:*:*:*:*:* |
References
labs.idefense.com/intelligence/vulnerabilities/display.php?id=555
osvdb.org/37932
osvdb.org/37933
secunia.com/advisories/26035
secunia.com/advisories/26424
security.gentoo.org/glsa/glsa-200708-08.xml
www.securityfocus.com/bid/24874
www.vupen.com/english/advisories/2007/2513
exchange.xforce.ibmcloud.com/vulnerabilities/35362
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
80.4%