Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-0824
Last Modified: 07 Mar 2011 09:30:52
Published: 21 Feb 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-0824

Summary

Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log.

Vulnerable Systems

Application

  • Geeklog 1.3.11

  • Geeklog 1.3.11 Sr1

  • Geeklog 1.3.11 Sr2

  • Geeklog 1.3.11 Sr3

  • Geeklog 1.4.0


References

CONFIRM - http://www.geeklog.net/article.php/geeklog-1.4.0sr1

SECUNIA - 18920

VUPEN - ADV-2006-0661

MISC - http://www.gulftech.org/?node=research&article_id=00102-02192006

BID - 16755

BUGTRAQ - 20060219 Geeklog Remote Code Execution

OSVDB - 23349


Last Updated: 27 May 2016 10:41:48