Lucene search

[email protected]CVE-2005-3929

HistoryNov 30, 2005 - 11:03 a.m.

CVE-2005-3929

2005-11-3011:03:00

[email protected]

web.nvd.nist.gov

cve-2005-3929

directory traversal

xaraya 1.0

remote attack

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON

Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via “…” sequences in the module parameter to index.php.

Affected configurations

NVD

Node

xarayaxarayaMatch1.0_rc1

xarayaxarayaMatch1.0_rc2

xarayaxarayaMatch1.0_rc3

xarayaxarayaMatch1.0_rc4

CPENameOperatorVersion
xaraya:xarayaxarayaeq1.0_rc1
xaraya:xarayaxarayaeq1.0_rc2
xaraya:xarayaxarayaeq1.0_rc3
xaraya:xarayaxarayaeq1.0_rc4

CPE	Name	Operator	Version
xaraya:xaraya	xaraya	eq	1.0_rc1
xaraya:xaraya	xaraya	eq	1.0_rc2
xaraya:xaraya	xaraya	eq	1.0_rc3
xaraya:xaraya	xaraya	eq	1.0_rc4

References

rgod.altervista.org/xaraya1DOS.hmtl

secunia.com/advisories/17788

securityreason.com/securityalert/217

www.securityfocus.com/archive/1/418087/100/0/threaded

www.securityfocus.com/archive/1/418191/100/0/threaded

www.securityfocus.com/archive/1/418209/100/0/threaded

www.securityfocus.com/bid/15623

www.vupen.com/english/advisories/2005/2665

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON

Related for CVE-2005-3929

nessus1 cvelist1 nvd1