Lucene search

[email protected]CVE-2006-2964

HistoryJun 12, 2006 - 8:06 p.m.

CVE-2006-2964

2006-06-1220:06:00

[email protected]

web.nvd.nist.gov

cve-2006-2964

xtreme scripts

download manager

php

rfi

vulnerabilities

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.137 Low

EPSS

Percentile

95.7%

JSON

Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php.

Affected configurations

NVD

Node

xtreme_scriptsdownload_managerMatch1.0

CPENameOperatorVersion
xtreme_scripts:download_managerxtreme scripts download managereq1.0

CPE	Name	Operator	Version
xtreme_scripts:download_manager	xtreme scripts download manager	eq	1.0

References

securityreason.com/securityalert/1072

www.osvdb.org/26643

www.osvdb.org/26644

www.osvdb.org/26645

www.osvdb.org/26646

www.osvdb.org/26647

www.osvdb.org/26648

www.securityfocus.com/archive/1/436104/100/0/threaded

www.securityfocus.com/archive/1/436107/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26961

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.137 Low

EPSS

Percentile

95.7%

JSON

Related for CVE-2006-2964

nvd1 cvelist1 prion1