CVE-2006-0777

Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.evuln.com/vulns/76/summary.html	Vendor Advisory
http://www.osvdb.org/23183
http://www.securityfocus.com/bid/16711
http://secunia.com/advisories/18927
http://securityreason.com/securityalert/489
http://www.vupen.com/english/advisories/2006/0640
https://exchange.xforce.ibmcloud.com/vulnerabilities/24645
http://www.securityfocus.com/archive/1/425970/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:teca_scripts:guestex:1.0:*:*:*:*:*:*:*

Information

Published : 2006-02-18 16:02

Updated : 2018-10-19 08:46

NVD link : CVE-2006-0777

Mitre link : CVE-2006-0777

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

teca_scripts

guestex

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.evuln.com/vulns/76/summary.html", "name": "http://www.evuln.com/vulns/76/summary.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.osvdb.org/23183", "name": "23183", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/16711", "name": "16711", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/18927", "name": "18927", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/489", "name": "489", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/0640", "name": "ADV-2006-0640", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24645", "name": "guestex-script-execute-code(24645)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/425970/100/0/threaded", "name": "20060224 [eVuln] Guestex Shell Command Execution Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0777", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-02-19T00:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:teca_scripts:guestex:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:46Z"}