Vulnerabilities > CVE-2005-1571 - Directory Traversal vulnerability in Wenig and Spitzer-Williams Showoff Digital Media Software 1.5.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Web Servers |
NASL id | SHOWOFF_154_MULT_VULNS.NASL |
description | The version of ShowOff! Digital Media Software installed on the remote host suffers from multiple vulnerabilities: - A Denial of Service Vulnerability If Picture Submissions has been enabled (it is off by default), an attacker can cause the software to stop listening for requests by sending a malformed request to the upload port for picture submissions (port 8083 by default). - Multiple Directory Traversal Vulnerabilities An attacker can retrieve files outside the configured web document root, potentially resulting in the disclosure of sensitive information. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18249 |
published | 2005-05-12 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18249 |
title | ShowOff! Digital Media Software <= 1.5.4 Multiple Remote Vulnerabilities |
code |
|