CVE

Id
16860  
CVE No.
CVE-2006-0756  
Status
Candidate  
Description
** DISPUTED ** dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php.  
Phase
Assigned (20060218)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
137310 16860 CVE-2006-0756 BUGTRAQ:20060214 dotproject <= 2.0.1 remote code execution  View
137311 16860 CVE-2006-0756 URL:http://www.securityfocus.com/archive/1/archive/1/424957/100/0/threaded  View
137312 16860 CVE-2006-0756 BUGTRAQ:20060215 Re: dotproject <= 2.0.1 remote code execution  View
137313 16860 CVE-2006-0756 URL:http://www.securityfocus.com/archive/1/425285/100/0/threaded  View
137314 16860 CVE-2006-0756 BID:16648  View
137315 16860 CVE-2006-0756 URL:http://www.securityfocus.com/bid/16648  View
137316 16860 CVE-2006-0756 VUPEN:ADV-2006-0604  View
137317 16860 CVE-2006-0756 URL:http://www.vupen.com/english/advisories/2006/0604  View
137318 16860 CVE-2006-0756 OSVDB:23207  View
137319 16860 CVE-2006-0756 URL:http://www.osvdb.org/23207  View
137320 16860 CVE-2006-0756 OSVDB:23208  View
137321 16860 CVE-2006-0756 URL:http://www.osvdb.org/23208  View
137322 16860 CVE-2006-0756 SECUNIA:18879  View
137323 16860 CVE-2006-0756 URL:http://secunia.com/advisories/18879  View
137324 16860 CVE-2006-0756 SREASON:434  View
137325 16860 CVE-2006-0756 URL:http://securityreason.com/securityalert/434  View
137326 16860 CVE-2006-0756 XF:dotproject-phpinfo-check-obtain-info(24745)  View

Related JVN