Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0628

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0628
Last Modified 07 Mar 2011 09:30:28
Published 10 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0628

Summary

myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable.

Vulnerable Systems

Application

  • Dale Ray Myquiz 1.01


References

MISC - http://www.evuln.com/vulns/57/summary.html

MISC - http://www.corantodemo.net/coranto/viewnews.cgi?id=EpApAAAVkyirPGThSf&style=dldetails

VUPEN - ADV-2006-0443

BUGTRAQ - 20060203 [eVuln] MyQuiz Arbitrary Command Execution Vulnerability

XF - myquiz-pathinfo-command-execution(24501)

BUGTRAQ - 20060207 MyQuiz Arbitrary Command Execution Exploit (perl)

OSVDB - 22925

SREASON - 409

SECUNIA - 18737

VIM - 20060209 Vendor ACK for MyQuiz


Last Updated: 27 May 2016 10:41:44