Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 31/12/2002 Updated: 05/09/2008

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote malicious users to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ids ids 0.8.1

source: wwwsecurityfocuscom/bid/4870/info IDS (Image Display System) is an web based photo album application written in Perl IDS is freely available and is maintained by Ashley M Kirchner Users can confirm the existence and location of various directories residing on the IDS host This is accomplished when a request for a directory an ...

NVD-CWE-Other http://online.securityfocus.com/archive/1/274433 http://ids.sourceforge.net/ChangeLog.html http://www.securityfocus.com/bid/4870 http://www.iss.net/security_center/static/9201.php https://nvd.nist.gov https://www.exploit-db.com/exploits/21487/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2002-1837

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect