Published: 30/10/2005 Updated: 08/03/2011

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Directory traversal vulnerability in GNUMP3D prior to 2.9.6 allows remote malicious users to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu gnump3d 2.9.3
gnu gnump3d 2.9.4
gnu gnump3d 2.9.5
gnu gnump3d 2.9
gnu gnump3d 2.9.1
gnu gnump3d 2.9.2

Steve Kemp discovered two vulnerabilities in gnump3d, a streaming server for MP3 and OGG files The Common Vulnerabilities and Exposures Project identifies the following problems: CVE-2005-3122 The 404 error page does not strip malicious javascript content from the resulting page, which would be executed in the victims browser CVE-20 ...

NVD-CWE-Other http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html http://www.debian.org/security/2005/dsa-877 http://www.securityfocus.com/bid/15228 http://secunia.com/advisories/17351 http://www.osvdb.org/20360 http://securitytracker.com/id?1015118 http://www.novell.com/linux/security/advisories/2005_28_sr.html http://secunia.com/advisories/17559 http://www.novell.com/linux/security/advisories/2005_27_sr.html http://securityreason.com/securityalert/127 http://www.vupen.com/english/advisories/2005/2242 https://nvd.nist.gov https://www.debian.org/security/./dsa-877

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-3123

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect