Lucene search

MitreCVE-2006-6994

HistoryFeb 12, 2007 - 11:28 a.m.

CVE-2006-6994

2007-02-1211:28:00

CWE-434

mitre

web.nvd.nist.gov

vulnerability

file upload

security

ozzywork gallery

remote attack

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.074

Percentile

94.2%

JSON

Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.

Affected configurations

Nvd

Node

indirmax.orgozzywork_galeriRange≤2.0

VendorProductVersionCPE
indirmax.orgozzywork_galeri*cpe:2.3:a:indirmax.org:ozzywork_galeri:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
indirmax.org	ozzywork_galeri	*	cpe:2.3:a:indirmax.org:ozzywork_galeri::::::::

References

marc.info/?l=bugtraq&m=114723238307299&w=2

secunia.com/advisories/20049

www.osvdb.org/25427

www.securityfocus.com/bid/17946

www.vupen.com/english/advisories/2006/1768

exchange.xforce.ibmcloud.com/vulnerabilities/26365

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.5

Confidence

High

EPSS

0.074

Percentile

94.2%

JSON

Related for CVE-2006-6994