CVE Reference: CVE-2005-2256

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2005-2256

Description:
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

CVE Status:
Candidate

References:

ST
  1014414

SAID
  Secunia Advisory: SA16116
  Secunia Advisory: SA15941

MLIST
  http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html

MISC
  http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html

DEBIAN
  http://www.debian.org/security/2005/dsa-759

CONFIRM
  http://sourceforge.net/project/shownotes.php?release_id=342261

BID
  14142


Return to the previous page.