Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2956

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2956
Last Modified 05 Sep 2008 04:53:04
Published 16 Sep 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2956

Summary

ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.

Vulnerable Systems

Application

  • Adaptive Technology Resource Centre Atutor 1.5.1


References

BID - 14832

MISC - http://rgod.altervista.org/atutor151.html

BUGTRAQ - 20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution

SREASON - 9


Last Updated: 27 May 2016 10:40:41