CVE-2005-2154 - Unspecified vulnerability in Osticket STS 1.2/1.2.7/1.3Beta
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Exploit-Db
description | OSTicket 1.2/1.3 view.php inc Variable Arbitrary Local File Inclusion. CVE-2005-2154. Webapps exploit for php platform |
id | EDB-ID:25926 |
last seen | 2016-02-03 |
modified | 2005-06-30 |
published | 2005-06-30 |
reporter | edisan & foster |
source | https://www.exploit-db.com/download/25926/ |
title | OSTicket 1.2/1.3 view.php inc Variable Arbitrary Local File Inclusion |
Nessus
NASL family | CGI abuses |
NASL id | OSTICKET_131.NASL |
description | The version of osTicket installed on the remote host suffers from several vulnerabilities, including: - A Local File Include Vulnerability The application fails to sanitize user-supplied input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18612 |
published | 2005-07-05 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18612 |
title | osTicket <= 1.3.1 Multiple Vulnerabilities |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2005-571.NASL |
description | Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. When processing a request, the CUPS scheduler would use case-sensitive matching on the queue name to decide which authorization policy should be used. However, queue names are not case-sensitive. An unauthorized user could print to a password-protected queue without needing a password. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2154 to this issue. Please note that the version of CUPS included in Red Hat Enterprise Linux 4 is not vulnerable to this issue. All users of CUPS should upgrade to these erratum packages which contain a backported patch to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21842 |
published | 2006-07-03 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/21842 |
title | CentOS 3 : cups (CESA-2005:571) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2005-571.NASL |
description | Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. When processing a request, the CUPS scheduler would use case-sensitive matching on the queue name to decide which authorization policy should be used. However, queue names are not case-sensitive. An unauthorized user could print to a password-protected queue without needing a password. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2154 to this issue. Please note that the version of CUPS included in Red Hat Enterprise Linux 4 is not vulnerable to this issue. All users of CUPS should upgrade to these erratum packages which contain a backported patch to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19213 |
published | 2005-07-16 |
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/19213 |
title | RHEL 3 : cups (RHSA-2005:571) |