CVE-2006-2398
Published 2006-05-16
Priority P4 · 32 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 4.23% (89.8th percentile)
Directory traversal vulnerability in index.php in GPhotos 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rep parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gphotos | gphotos | <= 1.5 | — |
| gphotos | gphotos | — | — |
CVSS provenance
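| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 5.5 | MEDIUM | — |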
GHSA
GHSA-mv27-mx2x-hxr7: Directory traversal vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2006-2398 [MEDIUM] GHSA-mv27-mx2x-hxr7: Directory traversal vulnerability in index
Red Hat
kernel: f2fs: zone: fix to avoid inconsistence in between SIT and SSA
vendor_redhat·2025-07-03·CVSS 5.5
CVE-2025-38164 [MEDIUM] kernel: f2fs: zone: fix to avoid inconsistence in between SIT and SSA
In the Linux kernel, the following vulnerability has been resolved:
f2fs: zone: fix to avoid inconsistence in between SIT and SSA
w/ below testcase, it will cause inconsistence in between SIT and SSA.

```
create_null_blk 512 2 1024 1024
mkfs.f2fs -m /dev/nullb0
mount /dev/nullb0 /mnt/f2fs/
touch /mnt/f2fs/file
f2fs_io pinfile set /mnt/f2fs/file
fallocate -l 4GiB /mnt/f2fs/file
```

```
F2FS-fs (nullb0): Inconsistent segment (0) type [1, 0] in SSA and SIT
CPU: 5 UID: 0 PID: 2398 Comm: fallocate Tainted: G O 6.13.0-rc1 #84
Tainted: [O]=OOT_MODULE
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Call Trace:
dump_stack_lvl+0xb3/0xd0
dump_stack+0x14/0x20
f2fs_handle_critical_error+0x18c/0x220 [f2fs]
f2fs_sto
```
No detection rules found.
- http://secunia.com/advisories/20095
- http://securityreason.com/securityalert/906
- http://www.osvdb.org/25500
- http://www.securityfocus.com/archive/1/433936/100/0/threaded
- http://www.securityfocus.com/archive/1/452025/100/200/threaded
- http://www.securityfocus.com/archive/1/452099/100/200/threaded
- http://www.securityfocus.com/bid/17967
- http://www.vupen.com/english/advisories/2006/1806
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26428