Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0714

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0714
Last Modified 07 Mar 2011 09:30:38
Published 15 Feb 2006 06:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0714

Summary

Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.

Vulnerable Systems

Application

  • Flyspray 0.9.7


References

SECUNIA - 18847

VUPEN - ADV-2006-0569

BID - 16618

BUGTRAQ - 20060213 EGS Enterprise Groupware System 1.0 rc4 remote commands execution & FlySpray 0.9.7 remote commands execution

MISC - http://retrogod.altervista.org/egs_10rc4_php5_incl_xpl.html

XF - flyspray-adodbpath-file-include(24735)

SREASON - 432


Last Updated: 27 May 2016 10:41:46