CVE-2006-1771 - Directory Traversal vulnerability in Saxopress URL Parameter
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus) allows remote attackers to read arbitrary files and possibly execute arbitrary programs via a .. (dot dot) in the url parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Saxopress URL Parameter Directory Traversal Vulnerability. CVE-2006-1771. Remote exploit for windows platform |
id | EDB-ID:27627 |
last seen | 2016-02-03 |
modified | 2006-04-11 |
published | 2006-04-11 |
reporter | SecuriTeam |
source | https://www.exploit-db.com/download/27627/ |
title | Saxopress URL Parameter Directory Traversal Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | SAXOPRESS_URL_DIR_TRAVERSAL.NASL |
description | The remote host is running SAXoPRESS or Publicus, web content management systems commonly used by newspapers. The installation of SAXoPRESS / Publicus on the remote host fails to validate user input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21230 |
published | 2006-04-17 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21230 |
title | SAXoPRESS pbcs.dll url Parameter Traversal Arbitrary File Access |
References
- http://secunia.com/advisories/19566
- http://www.securityfocus.com/archive/1/430707/100/0/threaded
- http://www.securityfocus.com/archive/1/431037/30/5580/threaded
- http://www.securityfocus.com/bid/17474
- http://www.vupen.com/english/advisories/2006/1327
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25768