CVE-2006-1995 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-1995
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1995

Description: Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/25991 VIM http://attrition.org/pipermail/vim/2006-April/000716.html SREASON http://securityreason.com/securityalert/784 SAID Secunia Advisory: SA19777 OSVDB 24889 MISC http://downloads.securityfocus.com/vulnerabilities/exploits/17649-directory-traversal.exploit BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/431716/100/0/threaded BID 17649 17668

Return to the previous page.