Vulnerability-Lookup

CVE-2006-1959 (GCVE-0-2006-1959)

Vulnerability from cvelistv5 – Published: 2006-04-21 10:00 – Updated: 2024-08-07 17:35

Summary

PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/19743	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1015967	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2006/1430	vdb-entryx_refsource_VUPEN
	http://securityreason.com/securityalert/742	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/17597	vdb-entryx_refsource_BID
	http://www.osvdb.org/24778	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/431351/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/434562/100…	mailing-listx_refsource_BUGTRAQ

Date Public ?

2006-04-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:35:30.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "actualanalyzer-direct-file-include(25893)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25893"
          },
          {
            "name": "19743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19743"
          },
          {
            "name": "1015967",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015967"
          },
          {
            "name": "ADV-2006-1430",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1430"
          },
          {
            "name": "742",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/742"
          },
          {
            "name": "17597",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17597"
          },
          {
            "name": "24778",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/24778"
          },
          {
            "name": "20060419 [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/431351/100/0/threaded"
          },
          {
            "name": "20060520 ActualAnalyzer Server \u003c=8.23 - Remote File Include Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/434562/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "actualanalyzer-direct-file-include(25893)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25893"
        },
        {
          "name": "19743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19743"
        },
        {
          "name": "1015967",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015967"
        },
        {
          "name": "ADV-2006-1430",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1430"
        },
        {
          "name": "742",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/742"
        },
        {
          "name": "17597",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17597"
        },
        {
          "name": "24778",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/24778"
        },
        {
          "name": "20060419 [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/431351/100/0/threaded"
        },
        {
          "name": "20060520 ActualAnalyzer Server \u003c=8.23 - Remote File Include Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/434562/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "actualanalyzer-direct-file-include(25893)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25893"
            },
            {
              "name": "19743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19743"
            },
            {
              "name": "1015967",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015967"
            },
            {
              "name": "ADV-2006-1430",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1430"
            },
            {
              "name": "742",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/742"
            },
            {
              "name": "17597",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17597"
            },
            {
              "name": "24778",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/24778"
            },
            {
              "name": "20060419 [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/431351/100/0/threaded"
            },
            {
              "name": "20060520 ActualAnalyzer Server \u003c=8.23 - Remote File Include Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/434562/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1959",
    "datePublished": "2006-04-21T10:00:00.000Z",
    "dateReserved": "2006-04-21T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:35:30.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2006-1959",
      "date": "2026-04-17",
      "epss": "0.1689",
      "percentile": "0.94971"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:actualscripts:actualanalyzer:*:*:server:*:*:*:*:*\", \"versionEndIncluding\": \"8.23\", \"matchCriteriaId\": \"B0B388E5-7602-47CD-94EB-3A01E8A79877\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:actualscripts:actualanalyzer:2.72:*:lite:*:*:*:*:*\", \"matchCriteriaId\": \"417E9D6A-AA8F-43A0-B735-2E2CCCB817FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:actualscripts:actualanalyzer:7.63:gold:*:*:*:*:*:*\", \"matchCriteriaId\": \"89B88BAD-8877-4BFB-95EB-DA4EFFF01816\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.\"}]",
      "id": "CVE-2006-1959",
      "lastModified": "2024-11-21T00:10:11.470",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2006-04-21T10:02:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/19743\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/742\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1015967\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/24778\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431351/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/434562/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/17597\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1430\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25893\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/19743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/742\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1015967\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/24778\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/431351/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/434562/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17597\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1430\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25893\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-1959\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-04-21T10:02:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:actualscripts:actualanalyzer:*:*:server:*:*:*:*:*\",\"versionEndIncluding\":\"8.23\",\"matchCriteriaId\":\"B0B388E5-7602-47CD-94EB-3A01E8A79877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:actualscripts:actualanalyzer:2.72:*:lite:*:*:*:*:*\",\"matchCriteriaId\":\"417E9D6A-AA8F-43A0-B735-2E2CCCB817FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:actualscripts:actualanalyzer:7.63:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"89B88BAD-8877-4BFB-95EB-DA4EFFF01816\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19743\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/742\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1015967\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/24778\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/431351/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/434562/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17597\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1430\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25893\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/742\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015967\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/24778\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/431351/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/434562/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25893\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2006-1959

Vulnerability from fkie_nvd - Published: 2006-04-21 10:02 - Updated: 2026-04-16 00:27

Severity ?

Summary

References

	URL	Tags
	cve@mitre.org	http://secunia.com/advisories/19743
	cve@mitre.org	http://securityreason.com/securityalert/742
	cve@mitre.org	http://securitytracker.com/id?1015967
	cve@mitre.org	http://www.osvdb.org/24778
	cve@mitre.org	http://www.securityfocus.com/archive/1/431351/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/archive/1/434562/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/17597
	cve@mitre.org	http://www.vupen.com/english/advisories/2006/1430
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/25893
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19743
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/742
	af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015967
	af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/24778
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/431351/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/434562/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17597
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1430
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25893

Impacted products

Vendor	Product	Version
actualscripts	actualanalyzer	*
actualscripts	actualanalyzer	2.72
actualscripts	actualanalyzer	7.63

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:actualscripts:actualanalyzer:*:*:server:*:*:*:*:*",
              "matchCriteriaId": "B0B388E5-7602-47CD-94EB-3A01E8A79877",
              "versionEndIncluding": "8.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:actualscripts:actualanalyzer:2.72:*:lite:*:*:*:*:*",
              "matchCriteriaId": "417E9D6A-AA8F-43A0-B735-2E2CCCB817FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:actualscripts:actualanalyzer:7.63:gold:*:*:*:*:*:*",
              "matchCriteriaId": "89B88BAD-8877-4BFB-95EB-DA4EFFF01816",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter."
    }
  ],
  "id": "CVE-2006-1959",
  "lastModified": "2026-04-16T00:27:16.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-21T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19743"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015967"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/24778"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/431351/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/434562/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17597"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1430"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/431351/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/434562/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25893"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-1959

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-1959

Aliases

CVE-2006-1959

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-1959",
    "description": "PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.",
    "id": "GSD-2006-1959"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-1959"
      ],
      "details": "PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.",
      "id": "GSD-2006-1959",
      "modified": "2023-12-13T01:19:55.254060Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-1959",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "actualanalyzer-direct-file-include(25893)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25893"
          },
          {
            "name": "19743",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19743"
          },
          {
            "name": "1015967",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015967"
          },
          {
            "name": "ADV-2006-1430",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1430"
          },
          {
            "name": "742",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/742"
          },
          {
            "name": "17597",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17597"
          },
          {
            "name": "24778",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/24778"
          },
          {
            "name": "20060419 [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/431351/100/0/threaded"
          },
          {
            "name": "20060520 ActualAnalyzer Server \u003c=8.23 - Remote File Include Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/434562/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:actualscripts:actualanalyzer:*:*:server:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:actualscripts:actualanalyzer:2.72:*:lite:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:actualscripts:actualanalyzer:7.63:gold:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1959"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "17597",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17597"
            },
            {
              "name": "19743",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19743"
            },
            {
              "name": "24778",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/24778"
            },
            {
              "name": "1015967",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015967"
            },
            {
              "name": "742",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/742"
            },
            {
              "name": "ADV-2006-1430",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1430"
            },
            {
              "name": "actualanalyzer-direct-file-include(25893)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25893"
            },
            {
              "name": "20060520 ActualAnalyzer Server \u003c=8.23 - Remote File Include Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/434562/100/0/threaded"
            },
            {
              "name": "20060419 [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/431351/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:37Z",
      "publishedDate": "2006-04-21T10:02Z"
    }
  }
}

GHSA-6W29-MJR5-R844

Vulnerability from github – Published: 2022-05-01 06:54 – Updated: 2022-05-01 06:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-1959"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-04-21T10:02:00Z",
    "severity": "HIGH"
  },
  "details": "PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.",
  "id": "GHSA-6w29-mjr5-r844",
  "modified": "2022-05-01T06:54:29Z",
  "published": "2022-05-01T06:54:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1959"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25893"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19743"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/742"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015967"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/24778"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/431351/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/434562/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17597"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1430"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-1959 (GCVE-0-2006-1959)

FKIE_CVE-2006-1959

GSD-2006-1959

GHSA-6W29-MJR5-R844

Tags

Sightings

Nomenclature