Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-4861
Last Modified: 05 Sep 2008 04:58:02
Published: 31 Dec 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-4861

Summary

functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function.

Vulnerable Systems

Application

  • Jasio.net Ragnarok Online Control Panel 4.3.4a


References

OSVDB - 18389

CONFIRM - http://www.jasio.net/index.php?categoryid=3&p13_sectionid=2&p13_fileid=6

SECUNIA - 16287

BUGTRAQ - 20050730 RO CP root exploit


Last Updated: 27 May 2016 10:41:28