CVE-2006-6513

The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://aluigi.altervista.org/adv/wawix-adv.txt	Exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051217.html	Exploit
http://secunia.com/advisories/23292	Exploit Vendor Advisory
http://securityreason.com/securityalert/2032
http://securitytracker.com/id?1017362	Exploit
http://www.securityfocus.com/archive/1/454059/100/0/threaded
http://www.securityfocus.com/bid/21539
http://www.vupen.com/english/advisories/2006/4935
https://exchange.xforce.ibmcloud.com/vulnerabilities/30829
http://aluigi.altervista.org/adv/wawix-adv.txt	Exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051217.html	Exploit
http://secunia.com/advisories/23292	Exploit Vendor Advisory
http://securityreason.com/securityalert/2032
http://securitytracker.com/id?1017362	Exploit
http://www.securityfocus.com/archive/1/454059/100/0/threaded
http://www.securityfocus.com/bid/21539
http://www.vupen.com/english/advisories/2006/4935
https://exchange.xforce.ibmcloud.com/vulnerabilities/30829

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:flippet.org:winamp_web_interface::::::::
	cpe:2.3:a:flippet.org:winamp_web_interface:7.5.9:::::::*
	cpe:2.3:a:flippet.org:winamp_web_interface:7.5.11:::::::*

History

21 Nov 2024, 00:22

Type	Values Removed	Values Added
References	~~() http://aluigi.altervista.org/adv/wawix-adv.txt - Exploit~~	() http://aluigi.altervista.org/adv/wawix-adv.txt - Exploit
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051217.html - Exploit~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051217.html - Exploit
References	~~() http://secunia.com/advisories/23292 - Exploit, Vendor Advisory~~	() http://secunia.com/advisories/23292 - Exploit, Vendor Advisory
References	~~() http://securityreason.com/securityalert/2032 -~~	() http://securityreason.com/securityalert/2032 -
References	~~() http://securitytracker.com/id?1017362 - Exploit~~	() http://securitytracker.com/id?1017362 - Exploit
References	~~() http://www.securityfocus.com/archive/1/454059/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/454059/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/21539 -~~	() http://www.securityfocus.com/bid/21539 -
References	~~() http://www.vupen.com/english/advisories/2006/4935 -~~	() http://www.vupen.com/english/advisories/2006/4935 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/30829 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/30829 -

Information

Published : 2006-12-14 01:28

Updated : 2024-11-21 00:22

NVD link : CVE-2006-6513

Mitre link : CVE-2006-6513

CVE.ORG link : CVE-2006-6513

JSON object : View

Products Affected

flippet.org

winamp_web_interface

CWE

NVD-CWE-Other

3.5 /10