Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2964
Last Modified 05 Sep 2008 05:05:54
Published 12 Jun 2006 04:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2964

Summary

Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php.

Vulnerable Systems

Application

  • Xtreme Scripts Download Manager 1.0


References

XF - xtremedownloads-root-file-include(26961)

BUGTRAQ - 20060605 Multiple file include exploits in Xtreme Downloads v.1.0

BUGTRAQ - 20060605 file include in Xtreme Downloads v.1.0

OSVDB - 26646

OSVDB - 26645

OSVDB - 26644

OSVDB - 26643

OSVDB - 26648

OSVDB - 26647

SREASON - 1072


Last Updated: 27 May 2016 10:42:50