CVE-2006-3695 Information
Description
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
Reference
http://secunia.com/advisories/20958
http://secunia.com/advisories/21534
http://securitytracker.com/id?1016457
http://trac.edgewall.org/wiki/ChangeLog
http://www.debian.org/security/2006/dsa-1152
http://www.securityfocus.com/bid/18323
http://www.vupen.com/english/advisories/2006/2729
https://exchange.xforce.ibmcloud.com/vulnerabilities/27706
https://exchange.xforce.ibmcloud.com/vulnerabilities/27708