Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3365

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-3365
Last Modified 06 Oct 2011 12:00:00
Published 06 Jul 2006 04:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3365

Summary

V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.

Vulnerable Systems

Application

  • V3 Chat Beta


References

XF - v3chat-index-path-disclosure(27395)

VUPEN - ADV-2006-2474

BID - 18543

BUGTRAQ - 20060622 Re: V3Chat Instant Messenger - XSS

BUGTRAQ - 20060617 V3Chat Instant Messenger - XSS

SECTRACK - 1016340


Last Updated: 27 May 2016 10:42:58