CVE-2006-5034

Paul Smith Computer Services vCAP <1.9.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5034. PoCs published by securma massine.

AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in vCAP Calendar Server 1.9.0 Beta and prior versions. It includes a URL example demonstrating how an attacker can retrieve arbitrary files, such as the vCAP.db database file, by exploiting improper input sanitization.

Description

Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

Exploits (1)

exploitdb WRITEUP VERIFIED

by securma massine · textremotewindows

https://www.exploit-db.com/exploits/28512

View Code ZIP pw:eip

The provided text describes a directory traversal vulnerability in vCAP Calendar Server 1.9.0 Beta and prior versions. It includes a URL example demonstrating how an attacker can retrieve arbitrary files, such as the vCAP.db database file, by exploiting improper input sanitization.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: vCAP Calendar Server 1.9.0 Beta and prior versions

No auth needed

Prerequisites: Network access to the vulnerable server

MITRE ATT&CK