Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0567

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0567
Last Modified 07 Mar 2011 09:30:20
Published 07 Feb 2006 01:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0567

Summary

Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".." (dot dot) sequences.

Vulnerable Systems

Application

  • Curtis Farnham Files Xaraya Module 0.3.0

  • Curtis Farnham Files Xaraya Module 0.4.0


References

XF - files-archive-directory-directory-traversal(24393)

CONFIRM - http://xaraya.curtisfarnham.com/articles/Files_0.5.1_-_Security_Fix_and_other_things

VUPEN - ADV-2006-0371


Last Updated: 27 May 2016 10:41:42