Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by phpsysinfo
CVE-2023-49006 (GCVE-0-2023-49006)
Vulnerability from cvelistv5 – Published: 2023-12-19 00:00 – Updated: 2024-08-02 21:46
VLAI
Summary
Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/ca6d669f-fd82-4188-aae2-69e08740d982/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpsysinfo/phpsysinfo/commit/4f2cee505e4f2e9b369a321063ff2c5e0c34ba45"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Hebing123/cve/issues/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T09:18:50.400Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://huntr.com/bounties/ca6d669f-fd82-4188-aae2-69e08740d982/"
},
{
"url": "https://github.com/phpsysinfo/phpsysinfo/commit/4f2cee505e4f2e9b369a321063ff2c5e0c34ba45"
},
{
"url": "https://github.com/Hebing123/cve/issues/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49006",
"datePublished": "2023-12-19T00:00:00.000Z",
"dateReserved": "2023-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:46:29.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4048 (GCVE-0-2007-4048)
Vulnerability from cvelistv5 – Published: 2007-07-30 16:00 – Updated: 2024-08-07 14:37
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/474756/100… | mailing-listx_refsource_BUGTRAQ |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://download.phpgroupware.org/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/25090 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/26473 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/26248 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/2952 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/36601 | vdb-entryx_refsource_OSVDB |
Date Public
2007-07-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070725 PHPSysInfo Index.php Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474756/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=532143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "25090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25090"
},
{
"name": "26473",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26473"
},
{
"name": "26248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26248"
},
{
"name": "2952",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2952"
},
{
"name": "36601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070725 PHPSysInfo Index.php Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474756/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=532143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "25090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25090"
},
{
"name": "26473",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26473"
},
{
"name": "26248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26248"
},
{
"name": "2952",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2952"
},
{
"name": "36601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070725 PHPSysInfo Index.php Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474756/100/0/threaded"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=532143",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=532143"
},
{
"name": "http://download.phpgroupware.org/",
"refsource": "CONFIRM",
"url": "http://download.phpgroupware.org/"
},
{
"name": "25090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25090"
},
{
"name": "26473",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26473"
},
{
"name": "26248",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26248"
},
{
"name": "2952",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2952"
},
{
"name": "36601",
"refsource": "OSVDB",
"url": "http://osvdb.org/36601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4048",
"datePublished": "2007-07-30T16:00:00.000Z",
"dateReserved": "2007-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:06.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3360 (GCVE-0-2006-3360)
Vulnerability from cvelistv5 – Published: 2006-07-06 00:00 – Updated: 2024-08-07 18:23
VLAI
Summary
Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1016440 | vdb-entry |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| http://www.vupen.com/english/advisories/2006/2668 | vdb-entry |
| http://www.osvdb.org/27015 | vdb-entry |
| http://secunia.com/advisories/20939 | third-party-advisory |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-list |
| http://www.securityfocus.com/bid/18868 | vdb-entry |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-list |
| https://github.com/advisories/GHSA-2wxv-3g4v-p76p | |
| https://github.com/phpsysinfo/phpsysinfo/issues/3… |
Date Public
2006-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016440",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016440"
},
{
"name": "phpsysinfo-lng-information-disclosure(27527)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27527"
},
{
"name": "ADV-2006-2668",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2668"
},
{
"name": "27015",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.osvdb.org/27015"
},
{
"name": "20939",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/20939"
},
{
"name": "20060705 Re: phpSysInfo arbitrary file identification",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html"
},
{
"name": "18868",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18868"
},
{
"name": "20060705 phpSysInfo arbitrary file identification",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-2wxv-3g4v-p76p"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016440",
"tags": [
"vdb-entry"
],
"url": "http://securitytracker.com/id?1016440"
},
{
"name": "phpsysinfo-lng-information-disclosure(27527)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27527"
},
{
"name": "ADV-2006-2668",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2006/2668"
},
{
"name": "27015",
"tags": [
"vdb-entry"
],
"url": "http://www.osvdb.org/27015"
},
{
"name": "20939",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/20939"
},
{
"name": "20060705 Re: phpSysInfo arbitrary file identification",
"tags": [
"mailing-list"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html"
},
{
"name": "18868",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/18868"
},
{
"name": "20060705 phpSysInfo arbitrary file identification",
"tags": [
"mailing-list"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html"
},
{
"url": "https://github.com/advisories/GHSA-2wxv-3g4v-p76p"
},
{
"url": "https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3360",
"datePublished": "2006-07-06T00:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:23:21.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3348 (GCVE-0-2005-3348)
Vulnerability from cvelistv5 – Published: 2005-11-18 02:00 – Updated: 2024-08-07 23:10
VLAI
Summary
HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2005-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15396"
},
{
"name": "GLSA-200511-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml"
},
{
"name": "15414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "17698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17698"
},
{
"name": "DSA-898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "17441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17441"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"name": "DSA-897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "17620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17620"
},
{
"name": "17584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17584"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_212005.81.html"
},
{
"name": "17570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17570"
},
{
"name": "DSA-899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17643"
},
{
"name": "phpsysinfo-registerglobal-data-manipulation(23107)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "17616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15396"
},
{
"name": "GLSA-200511-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml"
},
{
"name": "15414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "17698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17698"
},
{
"name": "DSA-898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "17441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17441"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"name": "DSA-897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "17620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17620"
},
{
"name": "17584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17584"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_212005.81.html"
},
{
"name": "17570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17570"
},
{
"name": "DSA-899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17643"
},
{
"name": "phpsysinfo-registerglobal-data-manipulation(23107)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15396"
},
{
"name": "GLSA-200511-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml"
},
{
"name": "15414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "17698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17698"
},
{
"name": "DSA-898",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "17441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17441"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"name": "DSA-897",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "17620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17620"
},
{
"name": "17584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17584"
},
{
"name": "http://www.hardened-php.net/advisory_212005.81.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_212005.81.html"
},
{
"name": "17570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17570"
},
{
"name": "DSA-899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17643"
},
{
"name": "phpsysinfo-registerglobal-data-manipulation(23107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3348",
"datePublished": "2005-11-18T02:00:00.000Z",
"dateReserved": "2005-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0870 (GCVE-0-2005-0870)
Vulnerability from cvelistv5 – Published: 2005-03-26 05:00 – Updated: 2024-08-07 21:28
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2005-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "14690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "DSA-898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
},
{
"name": "phpsysinfo-sensor-program-xss(19807)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19807"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118"
},
{
"name": "12887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12887"
},
{
"name": "DSA-897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "DSA-724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-724"
},
{
"name": "DSA-899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "14690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "DSA-898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
},
{
"name": "phpsysinfo-sensor-program-xss(19807)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19807"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118"
},
{
"name": "12887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12887"
},
{
"name": "DSA-897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "DSA-724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-724"
},
{
"name": "DSA-899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "14690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "DSA-898",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
},
{
"name": "phpsysinfo-sensor-program-xss(19807)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19807"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118"
},
{
"name": "12887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12887"
},
{
"name": "DSA-897",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "DSA-724",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-724"
},
{
"name": "DSA-899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0870",
"datePublished": "2005-03-26T05:00:00.000Z",
"dateReserved": "2005-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:28:28.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0869 (GCVE-0-2005-0869)
Vulnerability from cvelistv5 – Published: 2005-03-26 05:00 – Updated: 2024-08-07 21:28
VLAI
Summary
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/14690/ | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111161017209422&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpsysinfo-path-disclosure(19808)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19808"
},
{
"name": "14690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpsysinfo-path-disclosure(19808)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19808"
},
{
"name": "14690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpsysinfo-path-disclosure(19808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19808"
},
{
"name": "14690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0869",
"datePublished": "2005-03-26T05:00:00.000Z",
"dateReserved": "2005-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:28:28.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0536 (GCVE-0-2003-0536)
Vulnerability from cvelistv5 – Published: 2003-07-10 04:00 – Updated: 2024-08-08 01:58
VLAI
Summary
Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=105128606513226&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.debian.org/security/2003/dsa-346 | vendor-advisoryx_refsource_DEBIAN |
| http://sourceforge.net/tracker/index.php?func=det… | x_refsource_MISC |
Date Public
2003-04-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030425 Unauthorized reading files on phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105128606513226\u0026w=2"
},
{
"name": "DSA-346",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-346"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=670222\u0026group_id=15\u0026atid=100015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030425 Unauthorized reading files on phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105128606513226\u0026w=2"
},
{
"name": "DSA-346",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-346"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=670222\u0026group_id=15\u0026atid=100015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030425 Unauthorized reading files on phpSysInfo",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105128606513226\u0026w=2"
},
{
"name": "DSA-346",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-346"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=670222\u0026group_id=15\u0026atid=100015",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=670222\u0026group_id=15\u0026atid=100015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0536",
"datePublished": "2003-07-10T04:00:00.000Z",
"dateReserved": "2003-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:58:11.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49006 (GCVE-0-2023-49006)
Vulnerability from nvd – Published: 2023-12-19 00:00 – Updated: 2024-08-02 21:46
VLAI
Summary
Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:46:29.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/ca6d669f-fd82-4188-aae2-69e08740d982/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpsysinfo/phpsysinfo/commit/4f2cee505e4f2e9b369a321063ff2c5e0c34ba45"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Hebing123/cve/issues/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T09:18:50.400Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://huntr.com/bounties/ca6d669f-fd82-4188-aae2-69e08740d982/"
},
{
"url": "https://github.com/phpsysinfo/phpsysinfo/commit/4f2cee505e4f2e9b369a321063ff2c5e0c34ba45"
},
{
"url": "https://github.com/Hebing123/cve/issues/5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49006",
"datePublished": "2023-12-19T00:00:00.000Z",
"dateReserved": "2023-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:46:29.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4048 (GCVE-0-2007-4048)
Vulnerability from nvd – Published: 2007-07-30 16:00 – Updated: 2024-08-07 14:37
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/474756/100… | mailing-listx_refsource_BUGTRAQ |
| http://sourceforge.net/project/shownotes.php?rele… | x_refsource_CONFIRM |
| http://download.phpgroupware.org/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/25090 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/26473 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/26248 | third-party-advisoryx_refsource_SECUNIA |
| http://securityreason.com/securityalert/2952 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/36601 | vdb-entryx_refsource_OSVDB |
Date Public
2007-07-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:37:06.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070725 PHPSysInfo Index.php Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/474756/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=532143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "25090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25090"
},
{
"name": "26473",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26473"
},
{
"name": "26248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26248"
},
{
"name": "2952",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2952"
},
{
"name": "36601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070725 PHPSysInfo Index.php Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/474756/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=532143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.phpgroupware.org/"
},
{
"name": "25090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25090"
},
{
"name": "26473",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26473"
},
{
"name": "26248",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26248"
},
{
"name": "2952",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2952"
},
{
"name": "36601",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070725 PHPSysInfo Index.php Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/474756/100/0/threaded"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=532143",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=532143"
},
{
"name": "http://download.phpgroupware.org/",
"refsource": "CONFIRM",
"url": "http://download.phpgroupware.org/"
},
{
"name": "25090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25090"
},
{
"name": "26473",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26473"
},
{
"name": "26248",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26248"
},
{
"name": "2952",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2952"
},
{
"name": "36601",
"refsource": "OSVDB",
"url": "http://osvdb.org/36601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4048",
"datePublished": "2007-07-30T16:00:00.000Z",
"dateReserved": "2007-07-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:37:06.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3360 (GCVE-0-2006-3360)
Vulnerability from nvd – Published: 2006-07-06 00:00 – Updated: 2024-08-07 18:23
VLAI
Summary
Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1016440 | vdb-entry |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| http://www.vupen.com/english/advisories/2006/2668 | vdb-entry |
| http://www.osvdb.org/27015 | vdb-entry |
| http://secunia.com/advisories/20939 | third-party-advisory |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-list |
| http://www.securityfocus.com/bid/18868 | vdb-entry |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-list |
| https://github.com/advisories/GHSA-2wxv-3g4v-p76p | |
| https://github.com/phpsysinfo/phpsysinfo/issues/3… |
Date Public
2006-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016440",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016440"
},
{
"name": "phpsysinfo-lng-information-disclosure(27527)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27527"
},
{
"name": "ADV-2006-2668",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2668"
},
{
"name": "27015",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.osvdb.org/27015"
},
{
"name": "20939",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://secunia.com/advisories/20939"
},
{
"name": "20060705 Re: phpSysInfo arbitrary file identification",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html"
},
{
"name": "18868",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18868"
},
{
"name": "20060705 phpSysInfo arbitrary file identification",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-2wxv-3g4v-p76p"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016440",
"tags": [
"vdb-entry"
],
"url": "http://securitytracker.com/id?1016440"
},
{
"name": "phpsysinfo-lng-information-disclosure(27527)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27527"
},
{
"name": "ADV-2006-2668",
"tags": [
"vdb-entry"
],
"url": "http://www.vupen.com/english/advisories/2006/2668"
},
{
"name": "27015",
"tags": [
"vdb-entry"
],
"url": "http://www.osvdb.org/27015"
},
{
"name": "20939",
"tags": [
"third-party-advisory"
],
"url": "http://secunia.com/advisories/20939"
},
{
"name": "20060705 Re: phpSysInfo arbitrary file identification",
"tags": [
"mailing-list"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0066.html"
},
{
"name": "18868",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/18868"
},
{
"name": "20060705 phpSysInfo arbitrary file identification",
"tags": [
"mailing-list"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0065.html"
},
{
"url": "https://github.com/advisories/GHSA-2wxv-3g4v-p76p"
},
{
"url": "https://github.com/phpsysinfo/phpsysinfo/issues/368#issuecomment-1380842745"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3360",
"datePublished": "2006-07-06T00:00:00.000Z",
"dateReserved": "2006-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:23:21.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3348 (GCVE-0-2005-3348)
Vulnerability from nvd – Published: 2005-11-18 02:00 – Updated: 2024-08-07 23:10
VLAI
Summary
HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
17 references
Date Public
2005-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15396"
},
{
"name": "GLSA-200511-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml"
},
{
"name": "15414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "17698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17698"
},
{
"name": "DSA-898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "17441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17441"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"name": "DSA-897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "17620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17620"
},
{
"name": "17584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17584"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_212005.81.html"
},
{
"name": "17570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17570"
},
{
"name": "DSA-899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17643"
},
{
"name": "phpsysinfo-registerglobal-data-manipulation(23107)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23107"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "17616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15396"
},
{
"name": "GLSA-200511-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml"
},
{
"name": "15414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "17698",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17698"
},
{
"name": "DSA-898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "17441",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17441"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"name": "DSA-897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "17620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17620"
},
{
"name": "17584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17584"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_212005.81.html"
},
{
"name": "17570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17570"
},
{
"name": "DSA-899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17643"
},
{
"name": "phpsysinfo-registerglobal-data-manipulation(23107)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23107"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15396"
},
{
"name": "GLSA-200511-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-18.xml"
},
{
"name": "15414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "17698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17698"
},
{
"name": "DSA-898",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "17441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17441"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"name": "DSA-897",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "17620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17620"
},
{
"name": "17584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17584"
},
{
"name": "http://www.hardened-php.net/advisory_212005.81.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_212005.81.html"
},
{
"name": "17570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17570"
},
{
"name": "DSA-899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17643"
},
{
"name": "phpsysinfo-registerglobal-data-manipulation(23107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23107"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2005-3348",
"datePublished": "2005-11-18T02:00:00.000Z",
"dateReserved": "2005-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0870 (GCVE-0-2005-0870)
Vulnerability from nvd – Published: 2005-03-26 05:00 – Updated: 2024-08-07 21:28
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2005-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "14690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "DSA-898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
},
{
"name": "phpsysinfo-sensor-program-xss(19807)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19807"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118"
},
{
"name": "12887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12887"
},
{
"name": "DSA-897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "DSA-724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-724"
},
{
"name": "DSA-899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17616",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "14690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "DSA-898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
},
{
"name": "phpsysinfo-sensor-program-xss(19807)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19807"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118"
},
{
"name": "12887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12887"
},
{
"name": "DSA-897",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "DSA-724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-724"
},
{
"name": "DSA-899",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17616"
},
{
"name": "MDKSA-2005:212",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:212"
},
{
"name": "15414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15414"
},
{
"name": "14690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "DSA-898",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-898"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
},
{
"name": "phpsysinfo-sensor-program-xss(19807)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19807"
},
{
"name": "20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/416543"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118"
},
{
"name": "12887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12887"
},
{
"name": "DSA-897",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-897"
},
{
"name": "DSA-724",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-724"
},
{
"name": "DSA-899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-899"
},
{
"name": "17643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0870",
"datePublished": "2005-03-26T05:00:00.000Z",
"dateReserved": "2005-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:28:28.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0869 (GCVE-0-2005-0869)
Vulnerability from nvd – Published: 2005-03-26 05:00 – Updated: 2024-08-07 21:28
VLAI
Summary
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/14690/ | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111161017209422&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
2005-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpsysinfo-path-disclosure(19808)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19808"
},
{
"name": "14690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpsysinfo-path-disclosure(19808)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19808"
},
{
"name": "14690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpsysinfo-path-disclosure(19808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19808"
},
{
"name": "14690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111161017209422\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0869",
"datePublished": "2005-03-26T05:00:00.000Z",
"dateReserved": "2005-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:28:28.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0536 (GCVE-0-2003-0536)
Vulnerability from nvd – Published: 2003-07-10 04:00 – Updated: 2024-08-08 01:58
VLAI
Summary
Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=105128606513226&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.debian.org/security/2003/dsa-346 | vendor-advisoryx_refsource_DEBIAN |
| http://sourceforge.net/tracker/index.php?func=det… | x_refsource_MISC |
Date Public
2003-04-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030425 Unauthorized reading files on phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105128606513226\u0026w=2"
},
{
"name": "DSA-346",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-346"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=670222\u0026group_id=15\u0026atid=100015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030425 Unauthorized reading files on phpSysInfo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105128606513226\u0026w=2"
},
{
"name": "DSA-346",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-346"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=670222\u0026group_id=15\u0026atid=100015"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030425 Unauthorized reading files on phpSysInfo",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105128606513226\u0026w=2"
},
{
"name": "DSA-346",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-346"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=670222\u0026group_id=15\u0026atid=100015",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=670222\u0026group_id=15\u0026atid=100015"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0536",
"datePublished": "2003-07-10T04:00:00.000Z",
"dateReserved": "2003-07-09T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:58:11.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}