Launchpad.net

CVE 2006-2406

Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related, but a different vulnerability than the ABBC[Config][smileset] parameter.

Related bugs and status

CVE-2006-2406 (Candidate) is related to these bugs:

Bug #473707: Please update clamav to 0.95.3

		In	Importance	Status
473707	Please update clamav to 0.95.3	clamav (Ubuntu)	Medium	Fix Released
473707	Please update clamav to 0.95.3	clamav (Ubuntu Jaunty)	Medium	Fix Released
473707	Please update clamav to 0.95.3	clamav (Ubuntu Karmic)	Medium	Fix Released
473707	Please update clamav to 0.95.3	clamav (Ubuntu Lucid)	Medium	Fix Released
473707	Please update clamav to 0.95.3	Intrepid Ibex Backports	Medium	Fix Released
473707	Please update clamav to 0.95.3	Hardy Backports	Medium	Fix Released
473707	Please update clamav to 0.95.3	Dapper Backports	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2006-2406

Related bugs and status

Related bugs

References