Published: 10/11/2006 Updated: 19/10/2017

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 215

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

openexec in OpenBase SQL prior to 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openbase international ltd openbase 9.1.5
openbase international ltd openbase 10.0
openbase international ltd openbase 7.0.15
openbase international ltd openbase 8.0.4

#!/usr/bin/perl # # wwwdigitalmunitioncom # written by kf (kf_lists[at]digitalmunition[dot]com) # # <= ftp://wwwopenbasecom/pub/OpenBase_100 (vulnerable) ? # # Create a new file anywhere on the filesystem with rw-rw-rw privs # Sorry you can NOT overwrite existing files # # Writing to roots crontab seems to be fairly prompt at handi ...

CWE-59 http://www.digitalmunition.com/DMA%5B2006-1107a%5D.txt http://secunia.com/advisories/22742 http://www.vupen.com/english/advisories/2006/4404 http://marc.info/?l=full-disclosure&m=116296717330758&w=2 https://www.exploit-db.com/exploits/2737 https://nvd.nist.gov https://www.exploit-db.com/exploits/2737/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-5851

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect