Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0795

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0795
Last Modified 13 May 2011 12:00:00
Published 19 Feb 2006 04:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0795

Summary

Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables.

Vulnerable Systems

Application

  • Thomastsoi Quirex 2.0

  • Thomastsoi Quirex 2.0.2


References

XF - quirex-convert-information-disclosure(24672)

VUPEN - ADV-2006-0641

BID - 16709

BUGTRAQ - 20060226 [eVuln] Quirex Arbitrary File Disclosure Vulnerability

SECUNIA - 18926

MISC - http://evuln.com/vulns/78/summary.html


Last Updated: 27 May 2016 10:41:48