Lucene search

[email protected]CVE-2005-3927

HistoryNov 30, 2005 - 11:03 a.m.

CVE-2005-3927

2005-11-3011:03:00

[email protected]

web.nvd.nist.gov

cve

guppy

vulnerability

directory traversal

remote attack

arbitrary files

security issue

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.8%

JSON

Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.

Affected configurations

NVD

Node

guppyguppyMatch4.5

guppyguppyMatch4.5.3

guppyguppyMatch4.5.3a

guppyguppyMatch4.5.4

guppyguppyMatch4.5.9

CPENameOperatorVersion
guppy:guppyguppyeq4.5
guppy:guppyguppyeq4.5.3
guppy:guppyguppyeq4.5.3a
guppy:guppyguppyeq4.5.4
guppy:guppyguppyeq4.5.9

CPE	Name	Operator	Version
guppy:guppy	guppy	eq	4.5
guppy:guppy	guppy	eq	4.5.3
guppy:guppy	guppy	eq	4.5.3a
guppy:guppy	guppy	eq	4.5.4
guppy:guppy	guppy	eq	4.5.9

References

rgod.altervista.org/guppy459_xpl.html

secunia.com/advisories/17790

securityreason.com/securityalert/212

securitytracker.com/id?1015279

www.securityfocus.com/archive/1/417899/100/0/threaded

www.securityfocus.com/bid/15610

www.vupen.com/english/advisories/2005/2635

exchange.xforce.ibmcloud.com/vulnerabilities/23319

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.8%

JSON

Related for CVE-2005-3927

cvelist1 nvd1 nessus1