Vulnerabilities > CVE-2006-6779 - Unspecified vulnerability in Jelsoft Vbulletin
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. Successful exploitation requires the ability to upload SWF files, which is disabled by default, and must be enabled by site administrators.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 |
Exploit-Db
description | VBulletin 3.5.x/3.6.x SWF Script Injection Vulnerability. CVE-2006-6779. Webapps exploit for php platform |
id | EDB-ID:29338 |
last seen | 2016-02-03 |
modified | 2006-12-25 |
published | 2006-12-25 |
reporter | Ashraf Morad |
source | https://www.exploit-db.com/download/29338/ |
title | VBulletin 3.5.x/3.6.x SWF Script Injection Vulnerability |
References
- http://securityreason.com/securityalert/2084
- http://www.securityfocus.com/archive/1/455265/100/0/threaded
- http://www.securityfocus.com/archive/1/455351/100/0/threaded
- http://www.securityfocus.com/archive/1/455414/100/0/threaded
- http://www.securityfocus.com/bid/21736
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31119