Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-1995
Last Modified: 07 Mar 2011 09:34:45
Published: 25 Apr 2006 08:50:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-1995

Summary

Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.

Vulnerable Systems

Application

  • Scry Gallery 1.1


References

VUPEN - ADV-2006-1490

BID - 17649

BUGTRAQ - 20060421 Scry Gallery Directory Traversal & Full Path Disclosure Vulnerabilites

MISC - http://downloads.securityfocus.com/vulnerabilities/exploits/17649-directory-traversal.exploit

XF - scry-gallery-index-directory-traversal(25991)

BID - 17668

OSVDB - 24889

SREASON - 784

SECUNIA - 19777

VIM - 20060425 Interesting Scry stuff


Last Updated: 27 May 2016 10:42:17