CVE-2006-0371 Information

Description

Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files possibly including one that stores the administrator’s account name and password via a .. (dot dot) in the post parameter.

Reference

http://evuln.com/vulns/42/summary.html http://secunia.com/advisories/18547 http://securitytracker.com/id?1015523 http://www.fluffington.com/index.php?page=rcblog http://www.osvdb.org/22680 http://www.securityfocus.com/archive/1/422499/100/0/threaded http://www.securityfocus.com/archive/1/425392/100/0/threaded http://www.securityfocus.com/archive/1/436784/30/4500/threaded http://www.securityfocus.com/bid/16342 https://exchange.xforce.ibmcloud.com/vulnerabilities/24248 https://exchange.xforce.ibmcloud.com/vulnerabilities/27042