CVE-2006-6814 : Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticat

Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter.

Published 2006-12-29 11:28:00

Updated 2011-03-08 02:47:06

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2006-6814

Probability of exploitation activity in the next 30 days: 0.66%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-6814

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.3	MEDIUM	AV:N/AC:M/Au:S/C:C/I:N/A:N	6.8	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

References for CVE-2006-6814

http://www.vupen.com/english/advisories/2007/0023
http://securitytracker.com/id?1017447

Exploit
http://www.kapda.ir/advisory-458.html

Exploit;Vendor Advisory
http://www.securityfocus.com/bid/21786

Exploit

Products affected by CVE-2006-6814

Hosting Controller » Hosting Controller » Version: 7C
cpe:2.3:a:hosting_controller:hosting_controller:7c:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2006-6814

Exploit prediction scoring system (EPSS) score for CVE-2006-6814

CVSS scores for CVE-2006-6814

References for CVE-2006-6814

Products affected by CVE-2006-6814