Vulnerabilities > CVE-2006-1114 - Input Validation vulnerability in Gerrit VAN Aaken Loudblog 0.41
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php. This vulnerability affects Loudblog versions 0.41 and previous.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description LoudBlog 0.41 index.php template Parameter Traversal Arbitrary File Access. CVE-2006-1114. Webapps exploit for php platform id EDB-ID:27369 last seen 2016-02-03 modified 2006-03-07 published 2006-03-07 reporter tzitaroth source https://www.exploit-db.com/download/27369/ title LoudBlog 0.41 index.php template Parameter Traversal Arbitrary File Access description LoudBlog 0.41 backend_settings.php language Parameter Traversal Arbitrary File Access. CVE-2006-1114. Webapps exploit for php platform id EDB-ID:27370 last seen 2016-02-03 modified 2006-03-07 published 2006-03-07 reporter tzitaroth source https://www.exploit-db.com/download/27370/ title LoudBlog 0.41 backend_settings.php language Parameter Traversal Arbitrary File Access
Nessus
NASL family | CGI abuses |
NASL id | LOUDBLOG_042.NASL |
description | The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The version of Loudblog installed on the remote host fails to sanitize input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21024 |
published | 2006-03-08 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21024 |
title | Loudblog < 0.42 template Parameter Traversal |
code |
|