|
|
CVE Reference: CVE-2006-0660 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0660 |
|
|
Description: Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/24602 http://xforce.iss.net/xforce/xfdb/24598 SAID Secunia Advisory: SA18768 OSVDB 23022 23021 23020 MISC http://forum.farsinewsteam.com/index.php?showtopic=76 http://www.hamid.ir/security/farsinews2-5.txt http://forum.farsinewsteam.com/index.php?showtopic=71 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/424720/100/0/threaded BID 16580 |
|
| Return to the previous page. |
