Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4320

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-4320
Last Modified 07 Oct 2011 12:00:00
Published 17 Dec 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4320

Summary

Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leaks the path in an error message.

Vulnerable Systems

Application

  • Limbo Cms 1.0.4.2


References

SECUNIA - 18063

VUPEN - ADV-2005-2932

BUGTRAQ - 20051214 LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution

OSVDB - 21759

OSVDB - 21758

OSVDB - 21757

SECTRACK - 1015364

MISC - http://rgod.altervista.org/limbo1042_xpl.html


Last Updated: 27 May 2016 10:41:16