Vulnerabilities > CVE-2006-2406 - Directory Traversal vulnerability in Unclassified NewsBoard
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related, but a different vulnerability than the ABBC[Config][smileset] parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Unclassified NewsBoard <= 1.6.1 patch 1 Arbitrary Local Inclusion Exploit. CVE-2006-2405,CVE-2006-2406. Webapps exploit for php platform |
id | EDB-ID:1777 |
last seen | 2016-01-31 |
modified | 2006-05-11 |
published | 2006-05-11 |
reporter | rgod |
source | https://www.exploit-db.com/download/1777/ |
title | Unclassified NewsBoard <= 1.6.1 patch 1 - Arbitrary Local Inclusion Exploit |