CVE-2006-6259 - Input Validation vulnerability in AlternC
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://dev.alternc.org/trac/alternc/changeset/1737
- http://dev.alternc.org/trac/alternc/changeset/1738
- http://dev.alternc.org/trac/alternc/changeset/1742
- http://secunia.com/advisories/23144
- http://securityreason.com/securityalert/1965
- http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt
- http://www.securityfocus.com/archive/1/452988/100/0/threaded
- http://www.securityfocus.com/bid/21355
- http://www.vupen.com/english/advisories/2006/4851
- https://dev.alternc.org/trac/alternc/milestone/0.9.6
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30626