CVE-2006-1537 - OpenCVE

Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Webcalendar	Webcalendar

Configuration 1 [-]

cpe:2.3:a:webcalendar:webcalendar:1.1.0:*:*:*:*:*:*:*

References

Link	Resource
http://securityreason.com/securityalert/651
http://www.osvdb.org/24522
http://www.osvdb.org/24523
http://www.osvdb.org/24524
http://www.osvdb.org/24525
http://www.osvdb.org/24526
http://www.osvdb.org/24527
http://www.osvdb.org/24528
http://www.osvdb.org/24529
http://www.osvdb.org/24530
http://www.osvdb.org/24531
http://www.osvdb.org/24532
http://www.osvdb.org/24533
http://www.osvdb.org/24534
http://www.osvdb.org/24535
http://www.osvdb.org/24536
http://www.securityfocus.com/archive/1/429267/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/25539

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-30T11:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-03-30T00:00:00

Link: CVE-2006-1537

JSON object: View

NVD Information

Status : Modified

Published: 2006-03-30T11:02:00.000

Modified: 2018-10-18T16:33:17.920

Link: CVE-2006-1537

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-29T00:00:00", "descriptions": [{"lang": "en", "value": "Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24523", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24523"}, {"name": "24535", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24535"}, {"name": "651", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/651"}, {"name": "24534", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24534"}, {"name": "24526", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24526"}, {"name": "20060329 Full path disclosure in Webcalendar 1.1.0-CVS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/429267/100/0/threaded"}, {"name": "24531", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24531"}, {"name": "24529", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24529"}, {"name": "24524", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24524"}, {"name": "24528", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24528"}, {"name": "24525", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24525"}, {"name": "webcalendar-multiple-path-disclosure(25539)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25539"}, {"name": "24533", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24533"}, {"name": "24532", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24532"}, {"name": "24530", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24530"}, {"name": "24527", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24527"}, {"name": "24522", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24522"}, {"name": "24536", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/24536"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1537", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24523", "refsource": "OSVDB", "url": "http://www.osvdb.org/24523"}, {"name": "24535", "refsource": "OSVDB", "url": "http://www.osvdb.org/24535"}, {"name": "651", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/651"}, {"name": "24534", "refsource": "OSVDB", "url": "http://www.osvdb.org/24534"}, {"name": "24526", "refsource": "OSVDB", "url": "http://www.osvdb.org/24526"}, {"name": "20060329 Full path disclosure in Webcalendar 1.1.0-CVS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/429267/100/0/threaded"}, {"name": "24531", "refsource": "OSVDB", "url": "http://www.osvdb.org/24531"}, {"name": "24529", "refsource": "OSVDB", "url": "http://www.osvdb.org/24529"}, {"name": "24524", "refsource": "OSVDB", "url": "http://www.osvdb.org/24524"}, {"name": "24528", "refsource": "OSVDB", "url": "http://www.osvdb.org/24528"}, {"name": "24525", "refsource": "OSVDB", "url": "http://www.osvdb.org/24525"}, {"name": "webcalendar-multiple-path-disclosure(25539)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25539"}, {"name": "24533", "refsource": "OSVDB", "url": "http://www.osvdb.org/24533"}, {"name": "24532", "refsource": "OSVDB", "url": "http://www.osvdb.org/24532"}, {"name": "24530", "refsource": "OSVDB", "url": "http://www.osvdb.org/24530"}, {"name": "24527", "refsource": "OSVDB", "url": "http://www.osvdb.org/24527"}, {"name": "24522", "refsource": "OSVDB", "url": "http://www.osvdb.org/24522"}, {"name": "24536", "refsource": "OSVDB", "url": "http://www.osvdb.org/24536"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1537", "datePublished": "2006-03-30T11:00:00", "dateReserved": "2006-03-30T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webcalendar:webcalendar:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3978222-2030-429A-99D0-C79BAABBF746", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain sensitive information via a direct request to (1) includes/index.php, (2) tests/add_duration_test.php, (3) tests/all_tests.php, (4) groups.php, (5) nonusers.php, (6) includes/settings.php, (7) includes/init.php, (8) includes/settings.php.orig, (9) includes/js/admin.php, (10) includes/js/edit_entry.php, (11) includes/js/edit_layer.php, (12) includes/js/export_import.php, (13) includes/js/popups.php, (14) includes/js/pref.php, or (15) includes/menu/index.php, which reveal the path in various error messages."}], "id": "CVE-2006-1537", "lastModified": "2018-10-18T16:33:17.920", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-30T11:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/651"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24522"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24523"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24524"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24525"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24526"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24527"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24528"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24529"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24530"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24531"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24532"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24533"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24534"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24535"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/24536"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/429267/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25539"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}