High severityNVD Advisory· Published Jul 21, 2006· Updated Apr 16, 2026
CVE-2006-3695
CVE-2006-3695
Description
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tracPyPI | < 0.9.6 | 0.9.6 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
16- secunia.com/advisories/20958nvdVendor Advisory
- secunia.com/advisories/21534nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2729nvdVendor Advisory
- github.com/advisories/GHSA-r524-c2gf-5chrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2006-3695ghsaADVISORY
- trac.edgewall.org/wiki/ChangeLognvdWEB
- www.debian.org/security/2006/dsa-1152nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/27706nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/27708nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/trac/PYSEC-2006-2.yamlghsaWEB
- web.archive.org/web/20061227230548/http://trac.edgewall.org/wiki/ChangeLogghsaWEB
- web.archive.org/web/20140804165436/http://secunia.com/advisories/21534ghsaWEB
- web.archive.org/web/20140806223337/http://secunia.com/advisories/20958ghsaWEB
- web.archive.org/web/20200228034827/http://www.securityfocus.com/bid/18323ghsaWEB
- securitytracker.com/idnvd
- www.securityfocus.com/bid/18323nvd
News mentions
0No linked articles in our index yet.