Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0315

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2006-0315
Last Modified 05 Sep 2008 04:58:55
Published 18 Jan 2006 08:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0315

Summary

index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.

Vulnerable Systems

Application

  • Indexcor Ezdatabase 2.1.1


References

MISC - http://zur.homelinux.com/Advisories/ezdatabase_dir_trans.txt

BID - 16257

BUGTRAQ - 20060115 EZDatabase Directory Transversal, XSS and Path Disclosure Vulnerability

SECUNIA - 18043

XF - ezdatabase-index-p-path-disclosure(24135)

XF - ezdatabase-index-p-xss(24134)

OSVDB - 22684


Last Updated: 27 May 2016 10:41:36