CVE-2006-4140

Ipcheck Server Monitor - Path Traversal

Title source: rule
STIX 2.1

Description

Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/" slash), "..../" (multiple dot), and "..%255c../" (double-encoded "\" backslash).

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tassi Raeburn · textremotewindows
https://www.exploit-db.com/exploits/28374

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444227/100/0/threaded
Various Sources x_refsource_confirm
http://www.paessler.com/ipcheck/history
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21468
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19473
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1389
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442822/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28341
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016676
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3259

Scores

EPSS 0.1088
EPSS Percentile 93.5%

Details

Status published
Products (35)
ipcheck/server_monitor 4.3.1.368
ipcheck/server_monitor 4.3.1.382
ipcheck/server_monitor 4.4.1.521
ipcheck/server_monitor 4.4.1.522
ipcheck/server_monitor 5.0.1.272
ipcheck/server_monitor 5.0.1.299
ipcheck/server_monitor 5.0.1.309
ipcheck/server_monitor 5.0.1.321
ipcheck/server_monitor 5.1.0.341
ipcheck/server_monitor 5.1.0.342
... and 25 more
Published Aug 14, 2006
Tracked Since Feb 18, 2026