>> AlternC Multiple Parameter Directory Traversal and Cross Site Scripting Vulnerabilities
Title : AlternC Multiple Parameter Directory Traversal and Cross Site Scripting Vulnerabilities VUPEN ID : VUPEN/ADV-2006-4851 CVE ID : CVE-2006-6256 - CVE-2006-6257 - CVE-2006-6258 - CVE-2006-6259
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-12-05
Technical Description
Multiple vulnerabilities have been identified in AlternC, which could be exploited by remote attackers to execute arbitrary scripting code, disclose sensitive information, or create arbitrary files and directories. These flaws are due to input validation errors in various scripts (e.g. "admin/bro_main.php", "class/functions.php", and "class/m_bro.php") that do not validate user-supplied parameters, which could be exploited to conduct cross site scripting and directory traversal attacks, or gain knowledge of sensitive information (e.g. passwords).
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
