Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2006-2881
Last Modified 07 Mar 2011 09:37:11
Published 07 Jun 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2881

Summary

Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.

Vulnerable Systems

Application

  • Dreamcost Dreamaccount 3.1


References

XF - dreamaccount-dapath-file-include(26932)

VUPEN - ADV-2006-2152

BID - 18278

BUGTRAQ - 20060606 Re: [MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability

BUGTRAQ - 20060605 [MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability

OSVDB - 26170

OSVDB - 26169

OSVDB - 26168

MISC - http://www.majorsecurity.de/advisory/major_rls8.txt

SECTRACK - 1016272

SECUNIA - 20468

SREASON - 1062

MILW0RM - 1881


Last Updated: 27 May 2016 10:42:48