CVE-2006-6510

An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions.

CVSS v2.0 1.7 LOW

1.7^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.sitekiosk.com/th_support/versions/index.php3?id=39	Patch
http://www.securityfocus.com/bid/21567	Patch
http://secunia.com/advisories/23253
http://www.vupen.com/english/advisories/2006/4985
https://exchange.xforce.ibmcloud.com/vulnerabilities/30878
http://www.securityfocus.com/archive/1/454185/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sitekiosk:sitekiosk:4.9.11:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.238:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.248:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.41:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.34:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.35:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.5.149:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.97.0:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.19:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.36:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.38:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.264:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.2.51:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.96.0:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.0.14:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.35:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.45:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.0.98_final:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.39:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.96.3:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.26:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.9.14:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.32:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.36:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.96:::::::*

Information

Published : 2006-12-13 16:28

Updated : 2018-10-17 14:49

NVD link : CVE-2006-6510

Mitre link : CVE-2006-6510

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

sitekiosk

sitekiosk

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39", "name": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/21567", "name": "21567", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/23253", "name": "23253", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/4985", "name": "ADV-2006-4985", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30878", "name": "sitekiosk-activex-information-disclosure(30878)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/454185/100/0/threaded", "name": "20061211 [SBDA] SiteKiosk - FileSystem Access", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed \"safe for scripting\", which allows local users to bypass security protections and read arbitrary files via certain functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6510", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 1.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-12-14T00:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.238:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.248:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:6.5.149:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:4.97.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.264:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:6.2.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.98_final:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sitekiosk:sitekiosk:4.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:49Z"}