Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0910

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0910
Last Modified 05 Sep 2008 05:00:32
Published 28 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0910

Summary

Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories.

Vulnerable Systems

Application

  • Invision Power Services Invision Power Board 2.0.0

  • Invision Power Services Invision Power Board 2.0.1

  • Invision Power Services Invision Power Board 2.0.2

  • Invision Power Services Invision Power Board 2.0.3

  • Invision Power Services Invision Power Board 2.0.4

  • Invision Power Services Invision Power Board 2.1 Beta2

  • Invision Power Services Invision Power Board 2.1 Beta3

  • Invision Power Services Invision Power Board 2.1 Beta4

  • Invision Power Services Invision Power Board 2.1 Beta5

  • Invision Power Services Invision Power Board 2.1 Rc1

  • Invision Power Services Invision Power Board 2.1.0

  • Invision Power Services Invision Power Board 2.1.1

  • Invision Power Services Invision Power Board 2.1.2

  • Invision Power Services Invision Power Board 2.1.3

  • Invision Power Services Invision Power Board 2.1.4


References

XF - invisionpowerboard-multiple-info-disclosure(24840)

BUGTRAQ - 20060221 Invision Power Board 2.1.4 Multiple Vulnerabilities

MISC - http://neosecurityteam.net/index.php?action=advisories&id=16

MISC - http://neosecurityteam.net/advisories/Advisory-16.txt


Last Updated: 27 May 2016 10:41:50