Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2633

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2006-2633
Last Modified 07 Mar 2011 09:36:36
Published 30 May 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-2633

Summary

Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.

Vulnerable Systems

Application

  • Andrew Godwin Bytehoard 2.0 Beta1

  • Andrew Godwin Bytehoard 2.0 Beta2

  • Andrew Godwin Bytehoard 2.0.0

  • Andrew Godwin Bytehoard 2.0.1

  • Andrew Godwin Bytehoard 2.0.2

  • Andrew Godwin Bytehoard 2.0.3

  • Andrew Godwin Bytehoard 2.0.4

  • Andrew Godwin Bytehoard 2.0.5

  • Andrew Godwin Bytehoard 2.1 Alpha

  • Andrew Godwin Bytehoard 2.1 Beta

  • Andrew Godwin Bytehoard 2.1 Delta

  • Andrew Godwin Bytehoard 2.1 Gamma


References

BID - 18139

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=420549&group_id=90199

SECUNIA - 20304

VUPEN - ADV-2006-2033

BUGTRAQ - 20060523 ByteHoard <= 2.1 multiple vulnerabilities

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=576219

XF - bytehoard-index-directory-traversal(26705)

SREASON - 968


Last Updated: 27 May 2016 10:42:40