CVE-2006-0714 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.

Affected Software

Name	Vendor	Start Version	End Version
Flyspray	Flyspray	0.9.7 (including)	0.9.7 (including)
Flyspray	Ubuntu	dapper	*
Flyspray	Ubuntu	edgy	*
Flyspray	Ubuntu	feisty	*
Flyspray	Ubuntu	gutsy	*

References

http://retrogod.altervista.org/egs_10rc4_php5_incl_xpl.html
http://secunia.com/advisories/18847
http://securityreason.com/securityalert/432
http://www.securityfocus.com/archive/1/424902/100/0/threaded
http://www.securityfocus.com/bid/16618
http://www.vupen.com/english/advisories/2006/0569
https://exchange.xforce.ibmcloud.com/vulnerabilities/24735
http://retrogod.altervista.org/egs_10rc4_php5_incl_xpl.html
http://secunia.com/advisories/18847
http://securityreason.com/securityalert/432
http://www.securityfocus.com/archive/1/424902/100/0/threaded
http://www.securityfocus.com/bid/16618
http://www.vupen.com/english/advisories/2006/0569
https://exchange.xforce.ibmcloud.com/vulnerabilities/24735

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0714
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html