CVE-2005-3347

2005-11-1800:00:00

ubuntu.com

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

86.8%

JSON

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4
and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware
before 1.0.0.009, allow remote attackers to include arbitrary files via …
(dot dot) sequences in the (1) sensor_program parameter or the (2)
_SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal
variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory,
an issue in osh was inadvertently linked to this identifier; the proper
identifier for the osh issue is CVE-2005-3346.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchegroupware< 1.0.0.009.dfsg-3-4UNKNOWN
ubuntu6.10noarchegroupware< 1.0.0.009.dfsg-3-4UNKNOWN
ubuntu7.04noarchegroupware< 1.0.0.009.dfsg-3-4UNKNOWN
ubuntu6.06noarchphpgroupware< 0.9.16.010-1UNKNOWN
ubuntu6.10noarchphpgroupware< 0.9.16.010-1UNKNOWN
ubuntu7.04noarchphpgroupware< 0.9.16.010-1UNKNOWN
ubuntu6.06noarchphpsysinfo< 2.3-7UNKNOWN
ubuntu6.10noarchphpsysinfo< 2.3-7UNKNOWN
ubuntu7.04noarchphpsysinfo< 2.3-7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	egroupware	< 1.0.0.009.dfsg-3-4	UNKNOWN
ubuntu	6.10	noarch	egroupware	< 1.0.0.009.dfsg-3-4	UNKNOWN
ubuntu	7.04	noarch	egroupware	< 1.0.0.009.dfsg-3-4	UNKNOWN
ubuntu	6.06	noarch	phpgroupware	< 0.9.16.010-1	UNKNOWN
ubuntu	6.10	noarch	phpgroupware	< 0.9.16.010-1	UNKNOWN
ubuntu	7.04	noarch	phpgroupware	< 0.9.16.010-1	UNKNOWN
ubuntu	6.06	noarch	phpsysinfo	< 2.3-7	UNKNOWN
ubuntu	6.10	noarch	phpsysinfo	< 2.3-7	UNKNOWN
ubuntu	7.04	noarch	phpsysinfo	< 2.3-7	UNKNOWN