Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1628

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-1628
Last Modified 10 Mar 2011 12:00:00
Published 17 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1628

Summary

apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.

Vulnerable Systems

Application

  • Web-app.org Webapp 0.9.9

  • Web-app.org Webapp 0.9.9.2

  • Web-app.org Webapp 0.9.9.2.1


References

VUPEN - ADV-2005-0554

MISC - http://www.soulblack.com.ar/repo/tools/sbwebapp.txt

BID - 13637

BUGTRAQ - 20061024 Re: Application orders Linux in WebAPP v0.9.9.2.1

BUGTRAQ - 20061023 Application orders Linux in WebAPP v0.9.9.2.1

MISC - http://www.defacers.com.mx/advisories/3.txt


Last Updated: 27 May 2016 10:40:14