Vulnerabilities > CVE-2006-6381 - Directory Traversal vulnerability in Ultimate HelpDesk

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
ultimate-helpdesk
exploit available
NVD
Published: 2006-12-07
Updated: 2017-10-19

Summary

Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

Vulnerable Configurations

Part Description Count
Application
Ultimate_Helpdesk
1

Exploit-Db

descriptionUltimate HelpDesk (XSS/Local File Disclosure) Vulnerabilities. CVE-2006-6380,CVE-2006-6381. Webapps exploit for asp platform
fileexploits/asp/webapps/2881.txt
idEDB-ID:2881
last seen2016-01-31
modified2006-12-01
platformasp
port
published2006-12-01
reporterajann
sourcehttps://www.exploit-db.com/download/2881/
titleUltimate HelpDesk XSS/Local File Disclosure Vulnerabilities
typewebapps

References