Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-2347
Last Modified: 07 Mar 2011 09:36:02
Published: 12 May 2006 01:06:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2347

Summary

E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.

Vulnerable Systems

Application

  • Oasyssoft E-business Designer 2.3.3

  • Oasyssoft E-business Designer 3.1.4


References

VUPEN - ADV-2006-1784

BID - 17933

SECUNIA - 20071

FULLDISC - 20060511 Several flaws in e-business designer (eBD)

XF - ebd-multiple-path-disclosure(26476)

SREASON - 891


Last Updated: 27 May 2016 10:42:26