Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2617

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2617
Last Modified 07 Mar 2011 09:36:35
Published 25 May 2006 09:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2617

Summary

(1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection.

Vulnerable Systems

Application

  • Alstrasoft Webhost Directory 1.2


References

XF - hs-webhostdirectory-multiple-path-disclosure(26661)

XF - webhostdirectory-multiple-path-disclosure(26656)

VUPEN - ADV-2006-1973

VUPEN - ADV-2006-1972

MISC - http://www.sitepoint.com/forums/showthread.php?t=311969

BUGTRAQ - 20060523 AlstraSoft Web Host Directory v1.2

SECUNIA - 20278

SECUNIA - 20276

SREASON - 955


Last Updated: 27 May 2016 10:42:40