|
|
CVE Reference: CVE-2006-1995 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-1995 |
|
|
Description: Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/25991 VIM http://attrition.org/pipermail/vim/2006-April/000716.html SREASON http://securityreason.com/securityalert/784 SAID Secunia Advisory: SA19777 OSVDB 24889 MISC http://downloads.securityfocus.com/vulnerabilities/exploits/17649-directory-traversal.exploit BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/431716/100/0/threaded BID 17649 17668 |
|
| Return to the previous page. |
