Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2693

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2006-2693
Last Modified 07 Mar 2011 09:36:47
Published 31 May 2006 06:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2693

Summary

Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a ".." in the phpEx parameter.

Vulnerable Systems

Application

  • Nivisec Hacks List 1.20


References

VUPEN - ADV-2006-2034

BID - 18162

BUGTRAQ - 20060528 Advisory: phpBB 2.x (admin/admin_hacks_list.php) Local InclusionVulnerability.

MISC - http://www.nukedx.com/?viewdoc=37

CONFIRM - http://www.nivisec.com/article.php?l=vi&ar=15

SECUNIA - 20359

XF - nivisechackslist-phpex-file-include(26840)


Last Updated: 27 May 2016 10:42:42