High severityNVD Advisory· Published Jul 21, 2006· Updated Jun 16, 2026
CVE-2006-3695
CVE-2006-3695
Description
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tracPyPI | < 0.9.6 | 0.9.6 |
Affected products
2Patches
Vulnerability mechanics
References
16- secunia.com/advisories/20958nvdVendor Advisory
- secunia.com/advisories/21534nvdVendor Advisory
- www.vupen.com/english/advisories/2006/2729nvdVendor Advisory
- github.com/advisories/GHSA-r524-c2gf-5chrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2006-3695ghsaADVISORY
- trac.edgewall.org/wiki/ChangeLognvdWEB
- www.debian.org/security/2006/dsa-1152nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/27706nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/27708nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/trac/PYSEC-2006-2.yamlghsaWEB
- web.archive.org/web/20061227230548/http://trac.edgewall.org/wiki/ChangeLogghsaWEB
- web.archive.org/web/20140804165436/http://secunia.com/advisories/21534ghsaWEB
- web.archive.org/web/20140806223337/http://secunia.com/advisories/20958ghsaWEB
- web.archive.org/web/20200228034827/http://www.securityfocus.com/bid/18323ghsaWEB
- securitytracker.com/idnvd
- www.securityfocus.com/bid/18323nvd
News mentions
0No linked articles in our index yet.