Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3929

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-3929
Last Modified 07 Mar 2011 09:27:23
Published 30 Nov 2005 06:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3929

Summary

Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.

Vulnerable Systems

Application

  • Xaraya 1.0 Rc1

  • Xaraya 1.0 Rc2

  • Xaraya 1.0 Rc3

  • Xaraya 1.0 Rc4


References

VUPEN - ADV-2005-2665

BID - 15623

BUGTRAQ - 20051129 Xaraya <= 1.0.0 RC4 D.O.S / file corruption

MISC - http://rgod.altervista.org/xaraya1DOS.hmtl

BUGTRAQ - 20051130 Re: Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption

BUGTRAQ - 20051130 Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption

SREASON - 217

SECUNIA - 17788


Last Updated: 27 May 2016 10:41:06