CVE-2006-5966

Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to (1) reboot the system using the Reinicializar method in the ActiveScan.1 ActiveX control, or (2) determine arbitrary file existence and size via the ObtenerTamano method in the PAVPZ.SOS.1 ActiveX control.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/secunia_research/2006-64/advisory/	Patch Vendor Advisory
http://secunia.com/advisories/21763	Vendor Advisory
http://www.securityfocus.com/bid/21132
http://www.vupen.com/english/advisories/2006/4536	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30318
https://exchange.xforce.ibmcloud.com/vulnerabilities/30317
http://www.securityfocus.com/archive/1/451864/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:panda:activescan:5.53.00:::::::*
	cpe:2.3:a:panda:activescan:5.0:::::::*

Information

Published : 2006-11-17 22:07

Updated : 2018-10-17 21:46

NVD link : CVE-2006-5966

Mitre link : CVE-2006-5966

JSON object : View

Products Affected

panda

activescan

CWE

CWE-399

Resource Management Errors

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2006-64/advisory/", "name": "http://secunia.com/secunia_research/2006-64/advisory/", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/21763", "name": "21763", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/21132", "name": "21132", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2006/4536", "name": "ADV-2006-4536", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30318", "name": "pandaactivescan-pavpz-info-disclosure(30318)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30317", "name": "pandaactivescan-activescan-dos(30317)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/451864/100/0/threaded", "name": "20061116 Secunia Research: Panda ActiveScan Multiple Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to (1) reboot the system using the Reinicializar method in the ActiveScan.1 ActiveX control, or (2) determine arbitrary file existence and size via the ObtenerTamano method in the PAVPZ.SOS.1 ActiveX control."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5966", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-11-17T22:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:panda:activescan:5.53.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:panda:activescan:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:46Z"}