Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2259

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2005-2259
Last Modified 05 Sep 2008 04:51:18
Published 13 Jul 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2259

Summary

The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.

Vulnerable Systems

Application

  • Usanet Creations Domain Name Auction

  • Usanet Creations Makebid Auction Deluxe

  • Usanet Creations Makebid Auction Deluxe 3.30

  • Usanet Creations Makebid Auction Standard

  • Usanet Creations Makebid Reverse Auction

  • Usanet Creations Standard Classified Ads

  • Usanet Creations Usanet Shopping Mall


References

BID - 14179

SECTRACK - 1014411

SECUNIA - 15985


Last Updated: 27 May 2016 10:40:27