[VIM] paFileDB Path Disclosure mess (summary)
security curmudgeon
jericho at attrition.org
Mon May 23 07:31:44 EDT 2005
well, we ended up having as many as three entries for the same vuln.
gruesome for a VDB =(

here is the summary. most of these are stable so everyone can check them
out. as such i'm not going to list all the CVEs with each. this will show
the unique scripts and first date of disclosure though. there were 4 CVE
entries attached to them, quoted in previous mail.

1000277 paFileDB xx Path Disclosure Mar 12, 2005 Mangle
not yet public. this will cover custom.php and backupdb.php from CVE
2005-0780, as well as a few others I mailed you about separately. waiting
to create these entries based on your comments and the potential for it
including more vulnerable scripts.

5696 paFileDB pafiledb.php Installation Path Disclosure Mar 8, 2005 Stable
14972 paFileDB license.php Installation Path Disclosure Mar 8, 2005 Stable
14977 paFileDB admin.php Installation Path Disclosure Mar 8, 2005 Stable
13495 paFileDB $action.php Path Disclosure Feb 5, 2005 New
12264 paFileDB admins.php Path Disclosure Dec 3, 2004 New
12266 paFileDB team.php Path Disclosure Dec 3, 2004 New
14967 paFileDB viewall.php Installation Path Disclosure Apr 27, 2004 Stable
14968 paFileDB stats.php Installation Path Disclosure Apr 27, 2004 Stable
14969 paFileDB search.php Installation Path Disclosure Apr 27, 2004 Stable
14970 paFileDB rate.php Installation Path Disclosure Apr 27, 2004 Stable
14971 paFileDB main.php Installation Path Disclosure Apr 27, 2004 Stable
14973 paFileDB category.php Installation Path Disclosure Apr 27, 2004 Stable
14974 paFileDB download.php Installation Path Disclosure Apr 27, 2004 Stable
14975 paFileDB file.php Installation Path Disclosure Apr 27, 2004 Stable
14976 paFileDB email.php Installation Path Disclosure Apr 27, 2004 Stable
15033 paFileDB login.php Installation Path Disclosure Apr 27, 2004 Stable