Executive Summary

Informations
NameCVE-2006-2832First vendor Publication2006-06-05
VendorCveLast vendor Modification2008-09-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score2.6Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityHigh
Cvss Expoit Score4.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2832

CPE : Common Platform Enumeration

TypeDescriptionCount
Application11

OpenVAS Exploits

DateDescription
2008-01-17Name : Debian Security Advisory DSA 1125-1 (drupal)
File : nvt/deb_1125_1.nasl
2008-01-17Name : Debian Security Advisory DSA 1125-2 (drupal)
File : nvt/deb_1125_2.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
27595Drupal upload.module Filename XSS

Nessus® Vulnerability Scanner

DateDescription
2006-10-14Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1125.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/18245
BUGTRAQhttp://www.securityfocus.com/archive/1/archive/1/435792/100/0/threaded
CONFIRMhttp://drupal.org/files/sa-2006-007/advisory.txt
http://drupal.org/node/66763
DEBIANhttp://www.debian.org/security/2006/dsa-1125
SECUNIAhttp://secunia.com/advisories/21244
SREASONhttp://securityreason.com/securityalert/1042

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:36:06
  • Multiple Updates
2013-05-11 10:59:21
  • Multiple Updates