Executive Summary

Name CVE-2006-6994 First vendor Publication 2007-02-12
Vendor Cve Last vendor Modification 2017-07-29

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Cvss Base Score 6.4 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6994

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-21 Exploitation of Session Variables, Resource IDs and other Trusted Credentials
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-63 Simple Script Injection
CAPEC-122 Exploitation of Authorization
CAPEC-162 Manipulating hidden fields to change the normal flow of transactions (eShopli...
CAPEC-202 Create Malicious Client
CAPEC-207 Removing Important Functionality from the Client
CAPEC-208 Removing/short-circuiting 'Purse' logic: removing/mutating 'ca...

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-254 Security Features

Open Source Vulnerability Database (OSVDB)

Id Description
25427 OzzyWork Galeri add.asp Arbitrary File Upload

OzzyWork contains a flaw that may allow a malicious user to upload arbitray files. The issue is caused by improper file extensions checks in add.asp. It is possible that the flaw may allow an attacker to upload and execute arbitrary ASP code resulting in a loss of integrity.

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/17946
BUGTRAQ http://marc.info/?l=bugtraq&m=114723238307299&w=2
OSVDB http://www.osvdb.org/25427
SECUNIA http://secunia.com/advisories/20049
VUPEN http://www.vupen.com/english/advisories/2006/1768
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/26365

Alert History

If you want to see full details history, please login or register.
Date Informations
2020-05-23 00:18:57
  • Multiple Updates
2017-07-29 12:01:52
  • Multiple Updates
2016-11-19 00:24:04
  • Multiple Updates
2016-10-18 12:02:11
  • Multiple Updates
2016-06-28 16:02:16
  • Multiple Updates
2016-04-26 15:31:42
  • Multiple Updates
2013-05-11 11:18:35
  • Multiple Updates