Vulnerabilities > CVE-2006-6382 - Unspecified vulnerability in Positive Software H-Sphere 2.4.3

CVSS 6.8 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

positive-software

NVD

Published: 2006-12-07

Updated: 2017-07-29

Summary

The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Positive_Software Positive Software H Sphere 2.4.3	1

References

http://secunia.com/advisories/23199
http://www.securityfocus.com/bid/21436
https://exchange.xforce.ibmcloud.com/vulnerabilities/30753