CVE-2006-2100
Published 2006-04-29
CVE-2006-2100: Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
Priority: P343, high, 7.8 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS: 3.72% (88.4th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| magic_iso_maker | magic_iso_maker | <= 5.0_build_0166 | — |
| magic_iso_maker | magic_iso_maker | <= 5.2_build_190 | — |
No detection rules found.
Exploit-DB
BlueSocket BSC 2100 5.0/5.1 - Admin.pl Cross-Site Scripting
exploitdb·2006-12-04
CVE-2006-6363 BlueSocket BSC 2100 5.0/5.1 - Admin.pl Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/21419/info
BlueSocket BSC 2100 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects versions prior to 5.2 and versions without the 5.1.1-BluePatch fix.
https://www.example.com/admin.pl?ad_name=%22%3E%3Ch1%3EXSS%20BUG%3C/h1%3E%3C!--
Exploit-DB
magiciso 5.0 build 0166 - Directory Traversal
exploitdb·2006-04-28
CVE-2006-2100 magiciso 5.0 build 0166 - Directory Traversal
---
source: https://www.securityfocus.com/bid/17725/info
Reportedly, an attacker can carry out attacks using directory-traversal strings. These issues occur when the application processes malicious archives.
A successful attack can allow the attacker to place potentially malicious files and to overwrite files on a computer in the context of the user running the affected application. A successful exploit may aid in further attacks.
This issue affects MagicISO version 5.0 Build 0166; other versions may also be affected.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/27746.iso.bin
No writeups or analysis indexed.
http://secunia.com/advisories/19864
http://securityreason.com/securityalert/815
http://securitytracker.com/id?1016007
http://secway.org/advisory/AD20060428.txt
http://www.securityfocus.com/archive/1/432359/100/0/threaded
http://www.securityfocus.com/bid/17725
http://www.vupen.com/english/advisories/2006/1568
https://exchange.xforce.ibmcloud.com/vulnerabilities/26140
Published: 2006-04-29