Vulnerabilities > CVE-2005-3929 - Directory Traversal vulnerability in Xaraya
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Exploit-Db
description | Xaraya. CVE-2005-3929. Dos exploit for php platform |
id | EDB-ID:1345 |
last seen | 2016-01-31 |
modified | 2005-11-29 |
published | 2005-11-29 |
reporter | rgod |
source | https://www.exploit-db.com/download/1345/ |
title | Xaraya <= 1.0.0 RC4 - create Denial of Service Exploit |
Nessus
NASL family | CGI abuses |
NASL id | XARAYA_MODULE_DIR_TRAVERSAL.NASL |
description | The version of Xaraya installed on the remote host does not sanitize input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20372 |
published | 2006-01-02 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20372 |
title | Xaraya index.php module Parameter Traversal Arbitrary File/Directory Manipulation |
code |
|
References
- http://rgod.altervista.org/xaraya1DOS.hmtl
- http://secunia.com/advisories/17788
- http://securityreason.com/securityalert/217
- http://www.securityfocus.com/archive/1/418087/100/0/threaded
- http://www.securityfocus.com/archive/1/418191/100/0/threaded
- http://www.securityfocus.com/archive/1/418209/100/0/threaded
- http://www.securityfocus.com/bid/15623
- http://www.vupen.com/english/advisories/2005/2665