[VIM] paFileDB Path Disclosure mess (update)
security curmudgeon
jericho at attrition.org
Mon May 23 07:24:44 EDT 2005
almost done working through this. will have a summary shortly..
adding one more cve that covers this
--
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-1974
20040427
paFileDB 3.1 allows remote attackers to gain sensitive information via a direct
request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5)
viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or
(10) stats.php, which reveals the path in an error message.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0724
20050308
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive
information via (1) an invalid str parameter to pafiledb.php, or a direct
request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6)
main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php,
(11) email.php, or (12) admin.php, which reveals the path in a PHP error
message.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0780
20050312
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive
information via a direct request to (1) auth.php, (2) login.php, (3)
category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8)
admins.php, or (9) backupdb.php, which reveal the path in a PHP error message.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0326
20050131
pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive
information via an invalid or missing action parameter, which reveals the
path in an error message when it cannot include a login.php script.
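The overlap between the four CVE entries quoted in the post can be worked out mechanically. The following is an added example, not part of the original message: it parses the numbered script lists out of the description text and reports which scripts each pair of entries shares. The function names are hypothetical, and for the entry without a numbered list it assumes the first script named is the one requested.

```python
import re
from itertools import combinations

# Description text copied from the four CVE entries quoted in the post.
DESCRIPTIONS = {
    "CVE-2004-1974": (
        "paFileDB 3.1 allows remote attackers to gain sensitive information via a "
        "direct request to (1) login.php, (2) category.php, (3) search.php, (4) "
        "main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, "
        "(9) rate.php, or (10) stats.php, which reveals the path in an error message."),
    "CVE-2005-0724": (
        "paFileDB 3.1 and earlier allows remote attackers to obtain sensitive "
        "information via (1) an invalid str parameter to pafiledb.php, or a direct "
        "request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, "
        "(6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) "
        "file.php, (11) email.php, or (12) admin.php, which reveals the path in a "
        "PHP error message."),
    "CVE-2005-0780": (
        "paFileDB 3.1 and earlier allows remote attackers to obtain sensitive "
        "information via a direct request to (1) auth.php, (2) login.php, (3) "
        "category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, "
        "(8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error "
        "message."),
    "CVE-2005-0326": (
        "pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive "
        "information via an invalid or missing action parameter, which reveals the "
        "path in an error message when it cannot include a login.php script."),
}

ITEM = re.compile(r"\(\d+\)")         # "(1)", "(2)", ... list markers
SCRIPT = re.compile(r"\b\w+\.php\b")  # a script file name

def scripts(description):
    chunks = ITEM.split(description)
    if len(chunks) == 1:
        # Assumption: with no numbered list, the first script named is the target.
        chunks = ["", description]
    # chunks[0] is the text before "(1)"; every later chunk is one list item.
    return {m.group(0) for c in chunks[1:] if (m := SCRIPT.search(c))}

def pairwise_overlap(descriptions):
    """Scripts shared by each pair of CVE entries (pairs with none are omitted)."""
    sets = {cve: scripts(text) for cve, text in descriptions.items()}
    return {(a, b): sorted(sets[a] & sets[b])
            for a, b in combinations(sorted(sets), 2) if sets[a] & sets[b]}

if __name__ == "__main__":
    for pair, shared in pairwise_overlap(DESCRIPTIONS).items():
        print(pair, len(shared), shared)
```
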