Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3484

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3484
Last Modified 07 Mar 2011 09:26:35
Published 03 Nov 2005 05:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3484

Summary

Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and hex-encoded (1) slash "/" ("%2f") or (2) backslash "\" ("%5c") sequences.

Vulnerable Systems

Application

  • Neronet 1.2.0.2


References

VUPEN - ADV-2005-2287

FULLDISC - 20051102 Limited directory traversal in NeroNET 1.2.0.2

MISC - http://aluigi.altervista.org/adv/neronet-adv.txt

BID - 15288

SECUNIA - 17421


Last Updated: 27 May 2016 10:40:56