CVE-2005-0253

Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.
References
Link Resource
http://marc.info/?l=bugtraq&m=110868948719773&w=2 Exploit Mailing List Third Party Advisory
http://marc.info/?l=full-disclosure&m=110864983905770&w=2 Exploit Mailing List Third Party Advisory
http://www.securityfocus.com/bid/12583 Broken Link Exploit Patch Third Party Advisory VDB Entry
http://marc.info/?l=bugtraq&m=110868948719773&w=2 Exploit Mailing List Third Party Advisory
http://marc.info/?l=full-disclosure&m=110864983905770&w=2 Exploit Mailing List Third Party Advisory
http://www.securityfocus.com/bid/12583 Broken Link Exploit Patch Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:guillaumegardey:biborb:1.3.2:-:*:*:*:*:*:*
cpe:2.3:a:guillaumegardey:biborb:1.3.2:rc:*:*:*:*:*:*

History

20 Nov 2024, 23:54

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=110868948719773&w=2 - Exploit, Mailing List, Third Party Advisory () http://marc.info/?l=bugtraq&m=110868948719773&w=2 - Exploit, Mailing List, Third Party Advisory
References () http://marc.info/?l=full-disclosure&m=110864983905770&w=2 - Exploit, Mailing List, Third Party Advisory () http://marc.info/?l=full-disclosure&m=110864983905770&w=2 - Exploit, Mailing List, Third Party Advisory
References () http://www.securityfocus.com/bid/12583 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/12583 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry

02 Feb 2024, 16:50

Type Values Removed Values Added
First Time Guillaumegardey
Guillaumegardey biborb
CPE cpe:2.3:a:markusmobius:biborb:1.3.2:*:*:*:*:*:*:* cpe:2.3:a:guillaumegardey:biborb:1.3.2:rc:*:*:*:*:*:*
cpe:2.3:a:guillaumegardey:biborb:1.3.2:-:*:*:*:*:*:*

26 Jan 2024, 19:16

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-22
References (FULLDISC) http://marc.info/?l=full-disclosure&m=110864983905770&w=2 - (FULLDISC) http://marc.info/?l=full-disclosure&m=110864983905770&w=2 - Exploit, Mailing List, Third Party Advisory
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=110868948719773&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=110868948719773&w=2 - Exploit, Mailing List, Third Party Advisory
References (BID) http://www.securityfocus.com/bid/12583 - Exploit, Patch (BID) http://www.securityfocus.com/bid/12583 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry
CVSS v2 : 5.0
v3 : unknown
v2 : 4.0
v3 : unknown
CPE cpe:2.3:a:biborb:biborb:1.3.2:*:*:*:*:*:*:* cpe:2.3:a:markusmobius:biborb:1.3.2:*:*:*:*:*:*:*
First Time Markusmobius
Markusmobius biborb

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:54


NVD link : CVE-2005-0253

Mitre link : CVE-2005-0253

CVE.ORG link : CVE-2005-0253


JSON object : View

Products Affected

guillaumegardey

  • biborb
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')