Vulnerabilities > CVE-2005-2951 - Unspecified vulnerability in Azerbaijan Development Group Azdgdating 2.1.3
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN azerbaijan-development-group
exploit available
Summary
Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | AzDGDatingLite <= 2.1.3 Remote Code Execution Exploit. CVE-2005-2951. Webapps exploit for php platform |
| id | EDB-ID:1214 |
| last seen | 2016-01-31 |
| modified | 2005-09-13 |
| published | 2005-09-13 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/1214/ |
| title | AzDGDatingLite <= 2.1.3 - Remote Code Execution Exploit |
References
- http://marc.info/?l=bugtraq&m=112662698511403&w=2
- http://marc.info/?l=bugtraq&m=112662698511403&w=2
- http://rgod.altervista.org/azdg.html
- http://rgod.altervista.org/azdg.html
- http://secunia.com/advisories/16814/
- http://secunia.com/advisories/16814/
- http://securityreason.com/securityalert/5
- http://securityreason.com/securityalert/5
- http://www.securityfocus.com/bid/14819
- http://www.securityfocus.com/bid/14819
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22258
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22258