Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0371

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0371
Last Modified 05 Sep 2008 04:59:04
Published 22 Jan 2006 03:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0371

Summary

Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter.

Vulnerable Systems

Application

  • Noah Medling Rcblog 1.03


References

BID - 16342

BUGTRAQ - 20060120 [eVuln] RCBlog Directory Traversal & Sensitive Information Disclosure

MISC - http://www.fluffington.com/index.php?page=rcblog

SECUNIA - 18547

MISC - http://evuln.com/vulns/42/summary.html

XF - rcblog-index-file-include(27042)

XF - rcblog-index-directory-traversal(24248)

BUGTRAQ - 20060611 RCblog 1.03 Directory Traversal [index.php]

BUGTRAQ - 20060218 RCblog exploit [fun]

OSVDB - 22680

SECTRACK - 1015523


Last Updated: 27 May 2016 10:41:38