Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0327

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0327
Last Modified 07 Mar 2011 09:29:47
Published 20 Jan 2006 07:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0327

Summary

TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.

Vulnerable Systems

Application

  • Typo3 3.7.1

  • Typo3 3.8.1


References

BUGTRAQ - 20060119 IRM 015: File system path disclosure on TYPO3 Web Content Manager

VUPEN - ADV-2006-0269

BUGTRAQ - 20060119 Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager

BUGTRAQ - 20060119 Re: IRM 015: File system path disclosure on TYPO3 Web Content Manage

MISC - http://www.irmplc.com/advisory015.htm

SECUNIA - 18546

MISC - http://bugs.typo3.org/view.php?id=2248

XF - typo3-multiple-path-disclosure(24244)

OSVDB - 22667

OSVDB - 22666

OSVDB - 22665

SREASON - 361


Last Updated: 27 May 2016 10:41:36