Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-1959
Last Modified: 07 Mar 2011 09:34:41
Published: 21 Apr 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-1959

Summary

PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.

Vulnerable Systems

Application

  • Actualscripts Actualanalyzer 2.72

  • Actualscripts Actualanalyzer 7.63

  • Actualscripts Actualanalyzer 8.23


References

VUPEN - ADV-2006-1430

BID - 17597

BUGTRAQ - 20060419 [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability

SECUNIA - 19743

XF - actualanalyzer-direct-file-include(25893)

BUGTRAQ - 20060520 ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability

OSVDB - 24778

SECTRACK - 1015967

SREASON - 742


Last Updated: 27 May 2016 10:42:16