Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2951

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2951
Last Modified 05 Sep 2008 04:53:04
Published 16 Sep 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2951

Summary

Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement.

Vulnerable Systems

Application

  • Azerbaijan Development Group Azdgdating 2.1.3


References

XF - azdgdating-securityinc-code-execution(22258)

BID - 14819

SECUNIA - 16814

MISC - http://rgod.altervista.org/azdg.html

SREASON - 5

BUGTRAQ - 20050913 AzDGDatingLite V 2.1.3 remote code execution


Last Updated: 27 May 2016 10:40:40