Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2014

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2014
Last Modified 07 Mar 2011 09:34:48
Published 25 Apr 2006 08:50:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2014

Summary

Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via ".." sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php. NOTE: this issue could be used to produce resultant XSS from an error message.

Vulnerable Systems

Application

  • Web-provence Sl Site 1.0


References

VUPEN - ADV-2006-1487

SECTRACK - 1015972

SECUNIA - 19792

XF - slsite-gallerie-directory-traversal(26037)

BID - 17672

BID - 17667

OSVDB - 24897


Last Updated: 27 May 2016 10:42:18