Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3050

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-3050
Last Modified 05 Sep 2008 05:06:07
Published 16 Jun 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3050

Summary

Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter.

Vulnerable Systems

Application

  • Six Offene Systeme Gmbh Sixcms 6.0


References

BID - 18395

BUGTRAQ - 20060619 Re: [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities

BUGTRAQ - 20060612 [MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities

MISC - http://www.majorsecurity.de/advisory/major_rls17.txt

SECTRACK - 1016282

XF - sixcms-detail-directory-traversal(27107)

SREASON - 1101


Last Updated: 27 May 2016 10:42:52