Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3645

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3645
Last Modified 10 Aug 2011 12:00:00
Published 17 Nov 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3645

Summary

phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.

Vulnerable Systems

Application

  • Phpadsnew 2 Dev 2001-09-30

  • Phpadsnew 2 Dev 2001-10-09

  • Phpadsnew 2.0 Beta5

  • Phpadsnew 2.0 Beta6

  • Phpadsnew 2.0.4 Pr1

  • Phpadsnew 2.0.5

  • Phpadsnew 2.0.6

  • Phppgads 2.0.6


References

SECUNIA - 17464

XF - phpadsnew-multiple-path-disclosure(23043)

VUPEN - ADV-2005-2380

OSVDB - 20743

OSVDB - 20742

OSVDB - 20741

OSVDB - 20740

OSVDB - 20739

OSVDB - 20738

OSVDB - 20737

OSVDB - 20736

OSVDB - 20735

MISC - http://www.fitsec.com/advisories/FS-05-01.txt

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942

SREASON - 171

BUGTRAQ - 20051115 [PHPADSNEW-SA-2005-002] phpAdsNew and phpPgAds 2.0.7 fix multiple vulnerabilities

BUGTRAQ - 20051110 [FS-05-01] Multiple vulnerabilities in phpAdsNew


Last Updated: 27 May 2016 10:41:00