CVE-2005-0870

Published: 02/05/2005 Updated: 11/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpsysinfo phpsysinfo 2.3

Debian Bug report logs - #339079 CVE-2005-334[78]: Two vulnerabilities in phpsysinfo Package: phpsysinfo; Maintainer for phpsysinfo is Bjoern Boschman <bjoern@boschmande>; Source for phpsysinfo is src:phpsysinfo (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 14 Nov 2005 20:49:25 UT ...

Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application that is included in phpgroupware The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all were fixed in ...

Several vulnerabilities have been discovered in egroupware, a web-based groupware suite The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems in phpsysinfo, which are also present in the imported version in egroupware a ...

Maksymilian Arciemowicz discovered several cross site scripting issues in phpsysinfo, a PHP based host information application For the stable distribution (woody) these problems have been fixed in version 20-3woody2 For the testing (sarge) and unstable (sid) distribution these problems have been fixed in version 23-3 We recommend that you upgr ...

Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all were fixed in DSA 724 CVE-2005-3347 Christop ...

source: wwwsecurityfocuscom/bid/12887/info phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user ...

phpSysInfo versions 24 and below suffer from cross site scripting, HTTP response splitting, and arbitrary file inclusion flaws ...

NVD-CWE-Other http://secunia.com/advisories/14690/http://www.debian.org/security/2005/dsa-724 http://www.debian.org/security/2005/dsa-898 http://www.securityfocus.com/archive/1/416543 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118 http://www.debian.org/security/2005/dsa-899 http://www.securityfocus.com/bid/15414 http://www.debian.org/security/2005/dsa-897 http://secunia.com/advisories/17616 http://secunia.com/advisories/17643 http://www.securityfocus.com/bid/12887 http://www.mandriva.com/security/advisories?name=MDKSA-2005:212 http://marc.info/?l=bugtraq&m=111161017209422&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19807 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339079 https://nvd.nist.gov https://www.exploit-db.com/exploits/25265/https://www.debian.org/security/./dsa-898

CVE-2005-0870

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect