CVE-2006-1175 - The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote at

CVE-2006-1175

Summary

The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page.

References

http://secunia.com/advisories/20361
http://www.kb.cert.org/vuls/id/378604
http://www.securityfocus.com/bid/18192
http://www.vupen.com/english/advisories/2006/2064
https://exchange.xforce.ibmcloud.com/vulnerabilities/26752

Vulnerable Configurations

cpe:2.3:a:weonlydo:weonlydo_sftp:*:*:*:*:*:*:*:*
cpe:2.3:a:weonlydo:weonlydo_sftp:*:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:N

refmap via4

bid	18192
cert-vn	VU#378604
secunia	20361
vupen	ADV-2006-2064
xf	wodsftp-activex-unauth-access(26752)

Last major update

20-07-2017 - 01:30

Published

31-05-2006 - 10:06

Last modified

20-07-2017 - 01:30