CVE-2006-2832

Executive Summary

Informations
Name	CVE-2006-2832	First vendor Publication	2006-06-05
Vendor	Cve	Last vendor Modification	2008-09-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score	2.6	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	High
Cvss Expoit Score	4.9	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2832

CPE : Common Platform Enumeration

Type	Description	Count
Application	Drupal Drupal cpe:/a:drupal:drupal:4.7.1 cpe:/a:drupal:drupal:4.7.0 cpe:/a:drupal:drupal:4.6.7 cpe:/a:drupal:drupal:4.6.6 cpe:/a:drupal:drupal:4.6.5 cpe:/a:drupal:drupal:4.6.4 cpe:/a:drupal:drupal:4.6.3 cpe:/a:drupal:drupal:4.6.2 cpe:/a:drupal:drupal:4.6.1 cpe:/a:drupal:drupal:4.6.0 cpe:/a:drupal:drupal:4.6	11

Open Source Vulnerability Database (OSVDB)

id	Description
27595	Drupal upload.module Filename XSS

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/18245
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/435792/100/0/threaded
CONFIRM	http://drupal.org/files/sa-2006-007/advisory.txt http://drupal.org/node/66763
DEBIAN	http://www.debian.org/security/2006/dsa-1125
SECUNIA	http://secunia.com/advisories/21244
SREASON	http://securityreason.com/securityalert/1042

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 10:59:21	Multiple Updates

Related	Severity
DSA-1125	(High)

Same Subject	Severity
Login to view 4 more Alert(s)

Copyright Security-Database 2006-2013 - Powered by themself ;) in 0.0269s

Facebook rss twitter linkedin mail