Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2005-1201
Last Modified: 05 Sep 2008 04:48:30
Published: 02 May 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-1201

Summary

Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist.

Vulnerable Systems


References

SECUNIA - 15013

CONFIRM - http://azbb.cyaccess.com/azbb.php?1091778548

XF - az-bulletin-board-file-existence(20183)

XF - az-bulletin-board-file-modification(20180)

OSVDB - 15702

OSVDB - 15701

MISC - http://www.gulftech.org/?node=research&article_id=00068-04192005

BUGTRAQ - 20050420 Multiple Security Issues Found In AZBB


Last Updated: 27 May 2016 10:40:05