Vulnerability CVE-2006-0044


Published: 2006-01-17   Modified: 2012-02-12

Description:
Unspecified vulnerability in context.py in Albatross web application toolkit before 1.33 allows remote attackers to execute arbitrary commands via unspecified vectors involving template files and the "handling of submitted form fields".

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Albatross -> Albatross 

 References:
http://security.debian.org/pool/updates/main/a/albatross/albatross_1.20-2.diff.gz
http://www.debian.org/security/2006/dsa-942
http://www.object-craft.com.au/projects/albatross/news.html
http://www.securityfocus.com/bid/16252
http://www.vupen.com/english/advisories/2006/0196
https://exchange.xforce.ibmcloud.com/vulnerabilities/24130

Copyright 2020, cxsecurity.com

 

Back to Top