Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3184

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2006-3184
Last Modified 07 Mar 2011 09:38:03
Published 22 Jun 2006 08:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-3184

Summary

Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp.

Vulnerable Systems

Application

  • Asp Stats Generator 2.1.1


References

XF - aspstatsgenerator-settingsskin-code-execution(27284)

VUPEN - ADV-2006-2414

SECUNIA - 20721

CONFIRM - http://blog.asp-stats.com/index.php/2006/06/18/asp-stats-generator-v212/

MISC - http://www.hamid.ir/security/aspstats.txt

MILW0RM - 1931


Last Updated: 27 May 2016 10:42:54