Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2006-2405
Last Modified 07 Mar 2011 09:36:08
Published 16 May 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2405

Summary

Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.

Vulnerable Systems

Application

  • Unclassified Newsboard 1.5.3

  • Unclassified Newsboard 1.5.3 Patch3

  • Unclassified Newsboard 1.5.3a

  • Unclassified Newsboard 1.6.1

  • Unclassified Newsboard 1.6.1 Patch1


References

CONFIRM - http://newsboard.unclassified.de/forum/post/6499

XF - unclassified-abbcconf-file-include(26507)

VUPEN - ADV-2006-1782

BID - 17947

BUGTRAQ - 20060511 Unclassified NewsBoard <= 1.6.1 patch 1 ABBC[Config][smileset] arbitrary local inclusion

SECUNIA - 20090

MISC - http://retrogod.altervista.org/unb_161p1_incl_xpl.html

OSVDB - 25494

SREASON - 899


Last Updated: 27 May 2016 10:42:27