Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://pear.php.net/package/LiveUser/download/ | x_refsource_CONFIRM |
| http://securitytracker.com/id?1015659 | vdb-entry x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/16761 | vdb-entry x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24853 | vdb-entry x_refsource_XF |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24852 | vdb-entry x_refsource_XF |
| http://www.securityfocus.com/archive/1/425711/100/0/threaded | mailing-list x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/466 | third-party-advisory x_refsource_SREASON |
| http://www.vupen.com/english/advisories/2006/0697 | vdb-entry x_refsource_VUPEN |
| http://www.gulftech.org/?node=research&article_id=00103-02212006 | x_refsource_MISC |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://pear.php.net/package/LiveUser/download/ | x_refsource_CONFIRM x_transferred |
| http://securitytracker.com/id?1015659 | vdb-entry x_refsource_SECTRACK x_transferred |
| http://www.securityfocus.com/bid/16761 | vdb-entry x_refsource_BID x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24853 | vdb-entry x_refsource_XF x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24852 | vdb-entry x_refsource_XF x_transferred |
| http://www.securityfocus.com/archive/1/425711/100/0/threaded | mailing-list x_refsource_BUGTRAQ x_transferred |
| http://securityreason.com/securityalert/466 | third-party-advisory x_refsource_SREASON x_transferred |
| http://www.vupen.com/english/advisories/2006/0697 | vdb-entry x_refsource_VUPEN x_transferred |
| http://www.gulftech.org/?node=research&article_id=00103-02212006 | x_refsource_MISC x_transferred |
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-Other | Primary | nvd@nist.gov |