CyberSec.Space Logo
Back to CVE Browser

CVE-2006-6259

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1580%
EPSS Percentile2.76th
PublishedDec 4, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain.

Affected Platforms (CPE)

πŸ“¦
Alternc

Alternc

<= 0.9.5

References & Advisories

πŸ”— http://dev.alternc.org/trac/alternc/changeset/1737
πŸ”— http://dev.alternc.org/trac/alternc/changeset/1738
πŸ”— http://dev.alternc.org/trac/alternc/changeset/1742
πŸ”— http://secunia.com/advisories/23144
πŸ”— http://securityreason.com/securityalert/1965
πŸ”— http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt
πŸ”— http://www.securityfocus.com/archive/1/452988/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/21355

Related Vulnerabilities

CVE-2006-62589.3

The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remot...

CVE-2006-62566.8

Cross-site scripting (XSS) vulnerability in the file manager in admin/bro_main.php in AlternC 0.9.5 and earlier allows remote atta...

CVE-2006-62576.8

The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive infor...

CVE-2006-446110.0

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the pr...