Back to search
CVE-2005-1201
Published: Apr 21, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.gulftech.org/?node=research&article_id=00068-04192005
x_refsource_MISC
http://azbb.cyaccess.com/azbb.php?1091778548
x_refsource_CONFIRM
az-bulletin-board-file-existence(20183)
vdb-entry
x_refsource_XF
15013
third-party-advisory
x_refsource_SECUNIA
20050420 Multiple Security Issues Found In AZBB
mailing-list
x_refsource_BUGTRAQ
15701
vdb-entry
x_refsource_OSVDB
az-bulletin-board-file-modification(20180)
vdb-entry
x_refsource_XF
15702
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now