Vulnerabilities > CVE-2005-1201
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
| description | AZBB < 1.0.07d - Multiple Vulnerabilities. CVE-2005-1200,CVE-2005-1201. Webapps exploit for PHP platform |
| id | EDB-ID:43823 |
| last seen | 2018-01-24 |
| modified | 2015-04-19 |
| published | 2015-04-19 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/43823/ |
| title | AZBB < 1.0.07d - Multiple Vulnerabilities |
References
- http://azbb.cyaccess.com/azbb.php?1091778548
- http://marc.info/?l=bugtraq&m=111401838521857&w=2
- http://secunia.com/advisories/15013
- http://www.gulftech.org/?node=research&article_id=00068-04192005
- http://www.osvdb.org/15701
- http://www.osvdb.org/15702
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20180
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20183