Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html | Broken Link Exploit Patch Vendor Advisory |
http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt | Exploit Patch Vendor Advisory |
http://kimihia.org.nz/projects/tellme/files/tellme-1.2-1.3.diff | Product |
http://secunia.com/advisories/17078 | Broken Link Patch Vendor Advisory |
http://www.osvdb.org/19871 | Broken Link Exploit Patch |
https://exchange.xforce.ibmcloud.com/vulnerabilities/22522 | Third Party Advisory VDB Entry |
Configurations
History
13 Feb 2024, 17:53
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) http://kimihia.org.nz/projects/tellme/files/tellme-1.2-1.3.diff - Product | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/22522 - Third Party Advisory, VDB Entry | |
References | (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html - Broken Link, Exploit, Patch, Vendor Advisory | |
References | (OSVDB) http://www.osvdb.org/19871 - Broken Link, Exploit, Patch | |
References | (SECUNIA) http://secunia.com/advisories/17078 - Broken Link, Patch, Vendor Advisory | |
CWE | CWE-88 | |
CPE | cpe:2.3:a:kimihia:tellme:*:*:*:*:*:*:*:* | |
First Time |
Kimihia tellme
Kimihia |
Information
Published : 2005-12-31 05:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-4699
Mitre link : CVE-2005-4699
CVE.ORG link : CVE-2005-4699
JSON object : View
Products Affected
kimihia
- tellme
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')