[VIM] paFileDB Path Disclosure mess
security curmudgeon
jericho at attrition.org
Mon May 23 06:21:25 EDT 2005
Looks like there are 3 seperate times where someone discovered several
path disclosure vulns in paFileDB. Enough time passed between them so
CVE/OSVDB didn't notice. I only noticed it now because I was going back
matching IDs between the two databases.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-1974
20040427
paFileDB 3.1 allows remote attackers to gain sensitive information via a
direct request to (1) login.php, (2) category.php, (3) search.php, (4)
main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php,
(9) rate.php, or (10) stats.php, which reveals the path in an error
message.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0724
20050308
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive
information via (1) an invalid str parameter to pafiledb.php, or a direct
request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php,
(6) main.php, (7) license.php, (8) category.php, (9) download.php, (10)
file.php, (11) email.php, or (12) admin.php, which reveals the path in a
PHP error message.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0780
20050312
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive
information via a direct request to (1) auth.php, (2) login.php, (3)
category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php,
(8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error
message.
There is a lot of overlap on these, and they all affect version 3.1 =) I'm
currently cleaning up our mess of these.
.b
More information about the VIM
mailing list