← volver
CVE-2006-0660

CVE-2006-0660

EPSS 4.6%
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
Productos afectados
n/a · n/a
PoCs públicas encontradas2
exploitdbwww.exploit-db.com/exploits/27183no verificadoexploitdbwww.exploit-db.com/exploits/1538no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://forum.farsinewsteam.com/index.php?showtopic=71http://forum.farsinewsteam.com/index.php?showtopic=76http://secunia.com/advisories/18768https://exchange.xforce.ibmcloud.com/vulnerabilities/24598https://exchange.xforce.ibmcloud.com/vulnerabilities/24602http://www.hamid.ir/security/farsinews2-5.txthttp://www.osvdb.org/23020http://www.osvdb.org/23021http://www.osvdb.org/23022http://www.securityfocus.com/archive/1/424720/100/0/threadedhttp://www.securityfocus.com/bid/16580http://www.vupen.com/english/advisories/2006/0506