CVE-2006-0371 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrators account name and password, via a .. (dot dot) in the post parameter.

Affected Software

Name	Vendor	Start Version	End Version
Rcblog	Noah_medling	1.03 (including)	1.03 (including)

References

http://evuln.com/vulns/42/summary.html
http://secunia.com/advisories/18547
http://securitytracker.com/id?1015523
http://www.fluffington.com/index.php?page=rcblog
http://www.osvdb.org/22680
http://www.securityfocus.com/archive/1/422499/100/0/threaded
http://www.securityfocus.com/archive/1/425392/100/0/threaded
http://www.securityfocus.com/archive/1/436784/30/4500/threaded
http://www.securityfocus.com/bid/16342
https://exchange.xforce.ibmcloud.com/vulnerabilities/24248
https://exchange.xforce.ibmcloud.com/vulnerabilities/27042
http://evuln.com/vulns/42/summary.html
http://secunia.com/advisories/18547
http://securitytracker.com/id?1015523
http://www.fluffington.com/index.php?page=rcblog
http://www.osvdb.org/22680
http://www.securityfocus.com/archive/1/422499/100/0/threaded
http://www.securityfocus.com/archive/1/425392/100/0/threaded
http://www.securityfocus.com/archive/1/436784/30/4500/threaded
http://www.securityfocus.com/bid/16342
https://exchange.xforce.ibmcloud.com/vulnerabilities/24248
https://exchange.xforce.ibmcloud.com/vulnerabilities/27042

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0371
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html