Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0796

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0796
Last Modified 05 Sep 2008 04:47:20
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0796

Summary

Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory.

Vulnerable Systems


References

SECUNIA - 14566

CONFIRM - http://www.holacms.de/?content=changelog

BUGTRAQ - 20050315 Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access


Last Updated: 27 May 2016 10:39:56