Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5128

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-5128
Last Modified 05 Sep 2008 05:29:57
Published 27 Sep 2007 03:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5128

Summary

SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to an unsupported argument type for the mktime function on Windows.

Vulnerable Systems

Application

  • Boesch-it Simpnews 2.41.03

  • Php 5.0.0


References

CONFIRM - http://forum.boesch-it.de/viewtopic.php?t=2791

BUGTRAQ - 20070925 SimpNews version 2.41.03 Multiple Path Disclosure Vulnerabilities

MISC - http://www.netvigilance.com/advisory0068

SREASON - 3174


Last Updated: 27 May 2016 10:46:05