CVE-2006-6257 - OpenCVE

The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Alternc	Alternc

Configuration 1 [-]

cpe:2.3:a:alternc:alternc:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/23144
http://securityreason.com/securityalert/1965
http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt
http://www.securityfocus.com/archive/1/452988/100/0/threaded
http://www.securityfocus.com/bid/21355
http://www.vupen.com/english/advisories/2006/4851

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-04T11:00:00

Updated: 2024-08-07T20:19:35.103Z

Reserved: 2006-12-03T00:00:00

Link: CVE-2006-6257

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-04T11:28:00.000

Modified: 2018-10-17T21:47:28.440

Link: CVE-2006-6257

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061128 Multiple Vulnerabilities in AlternC version 0.9.5", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452988/100/0/threaded"}, {"name": "21355", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21355"}, {"name": "1965", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1965"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt"}, {"name": "23144", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23144"}, {"name": "ADV-2006-4851", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4851"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6257", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061128 Multiple Vulnerabilities in AlternC version 0.9.5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452988/100/0/threaded"}, {"name": "21355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21355"}, {"name": "1965", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1965"}, {"name": "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt", "refsource": "MISC", "url": "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt"}, {"name": "23144", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23144"}, {"name": "ADV-2006-4851", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4851"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:35.103Z"}, "title": "CVE Program Container", "references": [{"name": "20061128 Multiple Vulnerabilities in AlternC version 0.9.5", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452988/100/0/threaded"}, {"name": "21355", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21355"}, {"name": "1965", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1965"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt"}, {"name": "23144", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23144"}, {"name": "ADV-2006-4851", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4851"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6257", "datePublished": "2006-12-04T11:00:00", "dateReserved": "2006-12-03T00:00:00", "dateUpdated": "2024-08-07T20:19:35.103Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alternc:alternc:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8FAF661-CBCD-4392-88C9-F1A7949A84E8", "versionEndIncluding": "0.9.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message."}, {"lang": "es", "value": "El administrador de archivos en AlternC 0.9.5 y anteriores, cuando las advertencias (warnings) est\u00e1n habilitadas en PHP, permite a atacantes remotos obtener informaci\u00f3n sensible mediante determinados nombres de carpeta, tales como unos compuestos de c\u00f3digo JavaScript, lo cual revela la ruta en un mensaje de advertencia."}], "evaluatorSolution": "Successful exploitation requires that warnings are enabled in PHP.", "id": "CVE-2006-6257", "lastModified": "2018-10-17T21:47:28.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-04T11:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23144"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1965"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452988/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/21355"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4851"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}