Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1114

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-1114
Last Modified 07 Mar 2011 09:32:03
Published 09 Mar 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1114

Summary

Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.

Vulnerable Systems

Application

  • Gerrit Van Aaken Loudblog 0.41


References

SECUNIA - 19172

VUPEN - ADV-2006-0878

BID - 17023

BUGTRAQ - 20060307 Loudblog 0.41 SQL Injection, Local file read/include

CONFIRM - http://loudblog.de/forum/viewtopic.php?id=590

XF - loudblog-index-directory-traversal(25103)


Last Updated: 27 May 2016 10:41:56