2 matches found
CVE-2006-4767
Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript aka WM-News 0.5beta allow remote attackers to 1 read arbitrary local files via a .. dot dot sequence in the ide parameter in modify.php and 2 write to arbitrary local files via a .. sequence in the var parameter in addgo.php...
CVE-2006-4767
The CVE-2006-4767 entry concerns Stefan Ernst Newsscript (aka WM-News) 0.5beta. The described vulnerabilities are directory traversal flaws caused by improper handling of a .. sequence: (1) in modify.php with the ide parameter could allow reading arbitrary local files, and (2) in add_go.php with ...