Lucene search

MitreCVE-2005-3645

HistoryNov 17, 2005 - 11:02 a.m.

CVE-2005-3645

2005-11-1711:02:00

CWE-200

mitre

web.nvd.nist.gov

cve

2005

3645

phpadsnew

phppgads

remote attackers

sensitive information

security vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.012

Percentile

85.5%

JSON

phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.

Affected configurations

Nvd

Node

phpadsnewphpadsnewMatch2.0.4_pr1

phpadsnewphpadsnewMatch2.0.5

phpadsnewphpadsnewMatch2.0.6

phpadsnewphpadsnewMatch2.0_beta5

phpadsnewphpadsnewMatch2.0_beta6

phpadsnewphpadsnewMatch2_dev_2001-09-30

phpadsnewphpadsnewMatch2_dev_2001-10-09

phppgadsphppgadsMatch2.0.6

VendorProductVersionCPE
phpadsnewphpadsnew2.0.4_pr1cpe:2.3:a:phpadsnew:phpadsnew:2.0.4_pr1:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0.5cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0.6cpe:2.3:a:phpadsnew:phpadsnew:2.0.6:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0_beta5cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta5:*:*:*:*:*:*:*
phpadsnewphpadsnew2.0_beta6cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta6:*:*:*:*:*:*:*
phpadsnewphpadsnew2_dev_2001-09-30cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-09-30:*:*:*:*:*:*:*
phpadsnewphpadsnew2_dev_2001-10-09cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*
phppgadsphppgads2.0.6cpe:2.3:a:phppgads:phppgads:2.0.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpadsnew	phpadsnew	2.0.4_pr1	cpe:2.3:a:phpadsnew:phpadsnew:2.0.4_pr1:::::::*
phpadsnew	phpadsnew	2.0.5	cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:::::::*
phpadsnew	phpadsnew	2.0.6	cpe:2.3:a:phpadsnew:phpadsnew:2.0.6:::::::*
phpadsnew	phpadsnew	2.0_beta5	cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta5:::::::*
phpadsnew	phpadsnew	2.0_beta6	cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta6:::::::*
phpadsnew	phpadsnew	2_dev_2001-09-30	cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-09-30:::::::*
phpadsnew	phpadsnew	2_dev_2001-10-09	cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:::::::*
phppgads	phppgads	2.0.6	cpe:2.3:a:phppgads:phppgads:2.0.6:::::::*

References

marc.info/?l=bugtraq&m=113165036315035&w=2

seclists.org/lists/bugtraq/2005/Nov/0189.html

secunia.com/advisories/17464/

securityreason.com/securityalert/171

sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942

www.fitsec.com/advisories/FS-05-01.txt

www.osvdb.org/20735

www.osvdb.org/20736

www.osvdb.org/20737

www.osvdb.org/20738

www.osvdb.org/20739

www.osvdb.org/20740

www.osvdb.org/20741

www.osvdb.org/20742

www.osvdb.org/20743

www.vupen.com/english/advisories/2005/2380

exchange.xforce.ibmcloud.com/vulnerabilities/23043

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.012

Percentile

85.5%

JSON

Related for CVE-2005-3645