CVE-2006-6350 - Vulnerability Details - OpenCVE

listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Iisworks	Listpics

Configuration 1 [-]

cpe:2.3:a:iisworks:listpics:5.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/23210
http://www.securityfocus.com/archive/1/453416/100/0/threaded
http://www.vupen.com/english/advisories/2006/4847
https://exchange.xforce.ibmcloud.com/vulnerabilities/30713

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-07T01:00:00

Updated: 2024-08-07T20:26:45.151Z

Reserved: 2006-12-06T00:00:00

Link: CVE-2006-6350

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-07T01:28:00.000

Modified: 2024-11-21T00:22:28.280

Link: CVE-2006-6350

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-02T00:00:00", "descriptions": [{"lang": "en", "value": "listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-4847", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4847"}, {"name": "20061202 listpics v5", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/453416/100/0/threaded"}, {"name": "listpics-mdb-information-disclosure(30713)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30713"}, {"name": "23210", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23210"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6350", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-4847", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4847"}, {"name": "20061202 listpics v5", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453416/100/0/threaded"}, {"name": "listpics-mdb-information-disclosure(30713)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30713"}, {"name": "23210", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23210"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:45.151Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-4847", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4847"}, {"name": "20061202 listpics v5", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/453416/100/0/threaded"}, {"name": "listpics-mdb-information-disclosure(30713)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30713"}, {"name": "23210", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23210"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6350", "datePublished": "2006-12-07T01:00:00", "dateReserved": "2006-12-06T00:00:00", "dateUpdated": "2024-08-07T20:26:45.151Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iisworks:listpics:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C57D8B7D-EA16-4D45-8F0F-B1C0EDD35341", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb."}, {"lang": "es", "value": "listpics 5 almacena informaci\u00f3n sensible bajo la ra\u00edz de los documento web con control de acceso insuficiente, lo cual permite a atacantes remotos bajarse una base de datos con una petici\u00f3n directa a listpics.mdb."}], "id": "CVE-2006-6350", "lastModified": "2024-11-21T00:22:28.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-07T01:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23210"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/453416/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4847"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30713"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453416/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4847"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30713"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}