Vulnerabilities > CVE-2005-0299 - Information Disclosure vulnerability in GForge
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the (1) dir parameter to controller.php or (2) dir_name parameter to controlleroo.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
NASL family CGI abuses NASL id GFORGE_DIR_DISCLOSURE.NASL description The remote host is running GForge, a CVS repository browser written in PHP. The installed version fails to properly sanitize user-supplied data to the last seen 2020-06-01 modified 2020-06-02 plugin id 16225 published 2005-01-21 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16225 title GForge Multiple Script Traversal Arbitrary Directory Listing NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_FE903533FF964C7ABD3E4D40EFA71897.NASL description An STG Security Advisory reports : GForge CVS module made by Dragos Moinescu and another module made by Ronald Petty have a directory traversal vulnerability. [...] malicious attackers can read arbitrary directory lists. last seen 2020-06-01 modified 2020-06-02 plugin id 19187 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19187 title FreeBSD : gforge -- directory traversal vulnerability (fe903533-ff96-4c7a-bd3e-4d40efa71897)