CVE-2005-3347

Published: 18/11/2005 Updated: 11/07/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and previous versions, as used in phpgroupware 0.9.16 and previous versions, and egroupware prior to 1.0.0.009, allow remote malicious users to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.

Vulnerable Product

phpgroupware phpgroupware 0.9.16

Vendor Advisories

Debian Bug report logs - #339079 CVE-2005-334[78]: Two vulnerabilities in phpsysinfo. Package: phpsysinfo; Maintainer for phpsysinfo is Bjoern Boschman <bjoern@boschman.de>; Source for phpsysinfo is src:phpsysinfo (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Mon, 14 Nov 2005 20:49:25 UT ...

Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870: Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all were fixed in DSA 724. CVE-2005-3347: Christop ...

Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application that is included in phpgroupware. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870: Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all were fixed in ...

Several vulnerabilities have been discovered in egroupware, a web-based groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870: Maksymilian Arciemowicz discovered several cross site scripting problems in phpsysinfo, which are also present in the imported version in egroupware a ...

Exploits

phpSysInfo versions 2.4 and below suffer from cross site scripting, HTTP response splitting, and arbitrary file inclusion flaws ...