Vulnerabilities > CVE-2005-3097 - Directory Traversal vulnerability in AVI Alkalay Contribute.Cgi 16Jun2002

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
avi-alkalay
nessus

Summary

Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir variable.

Vulnerable Configurations

Part Description Count
Application
Avi_Alkalay
1

Nessus

NASL familyCGI abuses
NASL idALKALAY_CMD_EXEC.NASL
descriptionThe remote host appears to be running at least one CGI script written by Avi Alkalay that allows attackers to execute arbitrary commands or read arbitrary files on the remote host subject to the privileges of the web server user id.
last seen2020-06-01
modified2020-06-02
plugin id19780
published2005-09-27
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/19780
titleAlkalay.Net Multiple Scripts Arbitrary Command Execution