Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2256

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2256
Last Modified 05 Sep 2008 04:51:17
Published 13 Jul 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2256

Summary

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

Vulnerable Systems

Application

  • Phppgadmin 3.1

  • Phppgadmin 3.2

  • Phppgadmin 3.3

  • Phppgadmin 3.4

  • Phppgadmin 3.4.1

  • Phppgadmin 3.5.3


References

MISC - http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html

BID - 14142

SECTRACK - 1014414

SECUNIA - 15941

DEBIAN - DSA-759

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=342261

SECUNIA - 16116

MLIST - [Dailydave] 20050704 !!! pre-authenticated remote code inclusion vulnerability inside phppgadmin !!!


Last Updated: 27 May 2016 10:40:27