Vulnerabilities > CVE-2006-6865 - Directory Traversal vulnerability in Softartisans Fileup 5.0.14
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | SoftArtisans SAFileUp 5.0.14 (viewsrc.asp) Script Source Disclosure. CVE-2006-6865. Webapps exploit for asp platform |
| file | exploits/asp/webapps/3046.txt |
| id | EDB-ID:3046 |
| last seen | 2016-01-31 |
| modified | 2006-12-30 |
| platform | asp |
| port | |
| published | 2006-12-30 |
| reporter | Inge Henriksen |
| source | https://www.exploit-db.com/download/3046/ |
| title | SoftArtisans SAFileUp 5.0.14 viewsrc.asp Script Source Disclosure |
| type | webapps |
References
- http://ingehenriksen.blogspot.com/2006/12/softartisans-fileup-viewsrcasp-remote.html
- http://securityreason.com/securityalert/2094
- http://www.securityfocus.com/archive/1/455549/100/0/threaded
- http://www.securityfocus.com/bid/21821
- http://www.vupen.com/english/advisories/2007/0014
- https://www.exploit-db.com/exploits/3046