CVE-2006-3830

{"id": "CVE-2006-3830", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-07-25T13:22:00.000", "references": [{"url": "http://secunia.com/advisories/21066", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.acid-root.new.fr/advisories/boastmachine.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files."}, {"lang": "es", "value": "La selecci\u00f3n de Idioma en la interfaz admin en Kailash Nadh boastMachine (formalmente bMachine) 3.1 y anteriores permite a administradores remotos validados actualizar archivos con extensiones de su elecci\u00f3n en el directorio bmc/Inc/Lang. NOTA: Dado que la actualizaci\u00f3n de archivos no puede ser accedida desde HTTP, este asunto es una vulnerabilidad solo si hay un patr\u00f3n probable de uso en el cual los archivos fueran abiertos o ejecutados por los usuarios locales, e.g., archivos de malware con nombres que tientan a usuarios locales a abrir esos archivos."}], "lastModified": "2008-09-05T21:08:10.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B19759CD-3F3D-4A96-8DD0-828BA628427D"}, {"criteria": "cpe:2.3:a:kailash_nadh:boastmachine:2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FD75997-6BFC-4161-A12A-8AB03FBDB562"}, {"criteria": "cpe:2.3:a:kailash_nadh:boastmachine:2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AC1D5AE-1D9C-416A-8A34-61931C810478"}, {"criteria": "cpe:2.3:a:kailash_nadh:boastmachine:2.9b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73D3FA6A-5221-4607-961F-075A78EC6BEA"}, {"criteria": "cpe:2.3:a:kailash_nadh:boastmachine:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "621CCF40-F2DD-4F07-9F8B-37053AB04293"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}