CVE-2006-6203
published 2006-12-01CVE-2006-6203: Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files…
PriorityP430medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
3.30%
87.0th percentile
Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| krishan | flyspray | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q2rp-39hj-c5w7: Directory traversal vulnerability in startdown
ghsa_unreviewed·2022-05-01
CVE-2006-6203 [MEDIUM] GHSA-q2rp-39hj-c5w7: Directory traversal vulnerability in startdown
Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Red Hat
httpd: Garbage before http method name is not escaped in a reply in case of errorneous request
vendor_redhat·2007-11-30·CVSS 4.3
CVE-2007-6203 [MEDIUM] httpd: Garbage before http method name is not escaped in a reply in case of errorneous request
httpd: Garbage before http method name is not escaped in a reply in case of errorneous request
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
Statement: Red Hat does not consider this issue to be a vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site. However, this has been fixed in Red Hat Enterp
No detection rules found.
http://secunia.com/advisories/23097http://www.securityfocus.com/bid/21315http://www.vupen.com/english/advisories/2006/4721https://exchange.xforce.ibmcloud.com/vulnerabilities/30497https://www.exploit-db.com/exploits/2852http://secunia.com/advisories/23097http://www.securityfocus.com/bid/21315http://www.vupen.com/english/advisories/2006/4721https://exchange.xforce.ibmcloud.com/vulnerabilities/30497https://www.exploit-db.com/exploits/2852
2006-12-01
Published