Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1823

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-1823
Last Modified 07 Mar 2011 09:34:22
Published 18 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1823

Summary

Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message.

Vulnerable Systems

Application

  • Farsinews 2.1

  • Farsinews 2.1 Beta2

  • Farsinews 2.5

  • Farsinews 2.5.3


References

VUPEN - ADV-2006-1411

BUGTRAQ - 20060414 Farsinews Cross-Site Scripting & Path disclosure vulnerability

SECTRACK - 1015943

SREASON - 710

SECUNIA - 19648


Last Updated: 27 May 2016 10:42:14