Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1224

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-1224
Last Modified 07 Mar 2011 09:32:29
Published 14 Mar 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1224

Summary

Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter.

Vulnerable Systems

Application

  • Guppy 2.4

  • Guppy 2.4 P1

  • Guppy 2.4 P3

  • Guppy 2.4 P4

  • Guppy 4.5

  • Guppy 4.5.10

  • Guppy 4.5.11

  • Guppy 4.5.3

  • Guppy 4.5.3a

  • Guppy 4.5.4

  • Guppy 4.5.9


References

XF - guppy-dwnld-file-deletion(25141)

BID - 17068

BUGTRAQ - 20060310 [KAPDA::#33] - GuppY <= 4.5.11 Remote DoS vulnerability

MISC - http://www.kapda.ir/advisory-291.html

CONFIRM - http://www.freeguppy.org/?lng=en

SECTRACK - 1015753

SECUNIA - 19222

VUPEN - ADV-2006-0936

OSVDB - 23993

OSVDB - 23846

SREASON - 569


Last Updated: 27 May 2016 10:41:58