Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2952

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2952
Last Modified 07 Mar 2011 09:37:22
Published 12 Jun 2006 04:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2952

Summary

Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) Default_Theme parameter to header.php or (2) ModPath parameter to modules/cluster-paradise/cluster-E.php.

Vulnerable Systems

Application

  • Net Portal Dynamic System 5.10


References

VUPEN - ADV-2006-2233

BID - 18383

BUGTRAQ - 20060608 NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure

MISC - http://www.acid-root.new.fr/advisories/npds510.txt

SECUNIA - 20523

XF - npds-header-clustere-file-include(27121)

OSVDB - 26291

OSVDB - 26290

SREASON - 1076


Last Updated: 27 May 2016 10:42:50