Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2005-3347
Last Modified 02 Apr 2010 01:57:14
Published 17 Nov 2005 09:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3347

Summary

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.

Vulnerable Systems

Application

  • Phpgroupware 0.9.16


References

DEBIAN - DSA-898

XF - phpsysinfo-registerglobal-data-manipulation(23107)

BID - 15414

BID - 15396

BUGTRAQ - 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo

MISC - http://www.hardened-php.net/advisory_212005.81.html

GENTOO - GLSA-200511-18

DEBIAN - DSA-899

DEBIAN - DSA-897

SECUNIA - 17698

SECUNIA - 17643

SECUNIA - 17620

SECUNIA - 17616

SECUNIA - 17584

SECUNIA - 17570

SECUNIA - 17441

MANDRIVA - MDKSA-2005:212


Last Updated: 27 May 2016 10:40:54