Search
Find a vulnerability
Search criteria
8 vulnerabilities by ciamos
CVE-2009-4156 (GCVE-0-2009-4156)
Vulnerability from nvd – Published: 2009-12-02 17:00 – Updated: 2024-08-07 06:54
VLAI
Summary
PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/10259 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/37160 | vdb-entryx_refsource_BID |
Date Public
2009-12-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/10259"
},
{
"name": "37160",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-17T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/10259"
},
{
"name": "37160",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10259",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10259"
},
{
"name": "37160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4156",
"datePublished": "2009-12-02T17:00:00.000Z",
"dateReserved": "2009-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:09.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5257 (GCVE-0-2006-5257)
Vulnerability from nvd – Published: 2006-10-12 22:00 – Updated: 2024-08-07 19:41
VLAI
Summary
PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/20403 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/2489 | exploitx_refsource_EXPLOIT-DB |
Date Public
2006-10-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciamos-config-file-include(29398)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29398"
},
{
"name": "20403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20403"
},
{
"name": "2489",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciamos-config-file-include(29398)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29398"
},
{
"name": "20403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20403"
},
{
"name": "2489",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2489"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciamos-config-file-include(29398)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29398"
},
{
"name": "20403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20403"
},
{
"name": "2489",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2489"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5257",
"datePublished": "2006-10-12T22:00:00.000Z",
"dateReserved": "2006-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:05.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0827 (GCVE-0-2005-0827)
Vulnerability from nvd – Published: 2005-03-22 05:00 – Updated: 2024-08-07 21:28
VLAI
Summary
Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=111125588920928&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=111117182417422&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.ihsteam.com/download/sections/runcms%2… | x_refsource_MISC |
| http://secunia.com/advisories/14641 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050319 Ciamos Installation path(IHS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111125588920928\u0026w=2"
},
{
"name": "20050318 runcms installation path",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111117182417422\u0026w=2"
},
{
"name": "ciamos-viewcat-path-disclosure(19755)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19755"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "14641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050319 Ciamos Installation path(IHS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111125588920928\u0026w=2"
},
{
"name": "20050318 runcms installation path",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111117182417422\u0026w=2"
},
{
"name": "ciamos-viewcat-path-disclosure(19755)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19755"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "14641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050319 Ciamos Installation path(IHS)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111125588920928\u0026w=2"
},
{
"name": "20050318 runcms installation path",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111117182417422\u0026w=2"
},
{
"name": "ciamos-viewcat-path-disclosure(19755)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19755"
},
{
"name": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf",
"refsource": "MISC",
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "14641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0827",
"datePublished": "2005-03-22T05:00:00.000Z",
"dateReserved": "2005-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:28:28.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0828 (GCVE-0-2005-0828)
Vulnerability from nvd – Published: 2005-03-22 05:00 – Updated: 2024-08-07 21:28
VLAI
Summary
highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1013485 | vdb-entryx_refsource_SECTRACK |
| http://marc.info/?l=bugtraq&m=111125645312693&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/14890 | vdb-entryx_refsource_OSVDB |
| http://www.ihsteam.com/download/advisory/Exoops%2… | x_refsource_MISC |
| http://www.securityfocus.com/bid/12848 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/14648 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111117241923006&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.ihsteam.com/download/sections/runcms%2… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/14641 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1013485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013485"
},
{
"name": "20050319 Ciamos Highlight.php Security Hole(IHS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111125645312693\u0026w=2"
},
{
"name": "14890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/14890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt"
},
{
"name": "12848",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12848"
},
{
"name": "14648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14648"
},
{
"name": "20050318 runcms highlight.php hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111117241923006\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "ciamos-file-information-disclosure(19754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19754"
},
{
"name": "14641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1013485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013485"
},
{
"name": "20050319 Ciamos Highlight.php Security Hole(IHS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111125645312693\u0026w=2"
},
{
"name": "14890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/14890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt"
},
{
"name": "12848",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12848"
},
{
"name": "14648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14648"
},
{
"name": "20050318 runcms highlight.php hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111117241923006\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "ciamos-file-information-disclosure(19754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19754"
},
{
"name": "14641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013485",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013485"
},
{
"name": "20050319 Ciamos Highlight.php Security Hole(IHS)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111125645312693\u0026w=2"
},
{
"name": "14890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14890"
},
{
"name": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt",
"refsource": "MISC",
"url": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt"
},
{
"name": "12848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12848"
},
{
"name": "14648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14648"
},
{
"name": "20050318 runcms highlight.php hole",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111117241923006\u0026w=2"
},
{
"name": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf",
"refsource": "MISC",
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "ciamos-file-information-disclosure(19754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19754"
},
{
"name": "14641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0828",
"datePublished": "2005-03-22T05:00:00.000Z",
"dateReserved": "2005-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:28:28.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4156 (GCVE-0-2009-4156)
Vulnerability from cvelistv5 – Published: 2009-12-02 17:00 – Updated: 2024-08-07 06:54
VLAI
Summary
PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/10259 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/37160 | vdb-entryx_refsource_BID |
Date Public
2009-12-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:09.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/10259"
},
{
"name": "37160",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37160"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-17T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10259",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/10259"
},
{
"name": "37160",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37160"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in modules/pms/index.php in Ciamos CMS 0.9.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10259",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10259"
},
{
"name": "37160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37160"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4156",
"datePublished": "2009-12-02T17:00:00.000Z",
"dateReserved": "2009-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:54:09.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5257 (GCVE-0-2006-5257)
Vulnerability from cvelistv5 – Published: 2006-10-12 22:00 – Updated: 2024-08-07 19:41
VLAI
Summary
PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/20403 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/2489 | exploitx_refsource_EXPLOIT-DB |
Date Public
2006-10-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:41:05.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciamos-config-file-include(29398)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29398"
},
{
"name": "20403",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20403"
},
{
"name": "2489",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciamos-config-file-include(29398)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29398"
},
{
"name": "20403",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20403"
},
{
"name": "2489",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2489"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in modules/forum/include/config.php in Ciamos Content Management System (CMS) 0.9.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_cache_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciamos-config-file-include(29398)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29398"
},
{
"name": "20403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20403"
},
{
"name": "2489",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2489"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5257",
"datePublished": "2006-10-12T22:00:00.000Z",
"dateReserved": "2006-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:41:05.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0827 (GCVE-0-2005-0827)
Vulnerability from cvelistv5 – Published: 2005-03-22 05:00 – Updated: 2024-08-07 21:28
VLAI
Summary
Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=111125588920928&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=111117182417422&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.ihsteam.com/download/sections/runcms%2… | x_refsource_MISC |
| http://secunia.com/advisories/14641 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050319 Ciamos Installation path(IHS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111125588920928\u0026w=2"
},
{
"name": "20050318 runcms installation path",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111117182417422\u0026w=2"
},
{
"name": "ciamos-viewcat-path-disclosure(19755)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19755"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "14641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050319 Ciamos Installation path(IHS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111125588920928\u0026w=2"
},
{
"name": "20050318 runcms installation path",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111117182417422\u0026w=2"
},
{
"name": "ciamos-viewcat-path-disclosure(19755)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19755"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "14641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050319 Ciamos Installation path(IHS)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111125588920928\u0026w=2"
},
{
"name": "20050318 runcms installation path",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111117182417422\u0026w=2"
},
{
"name": "ciamos-viewcat-path-disclosure(19755)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19755"
},
{
"name": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf",
"refsource": "MISC",
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "14641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0827",
"datePublished": "2005-03-22T05:00:00.000Z",
"dateReserved": "2005-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:28:28.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0828 (GCVE-0-2005-0828)
Vulnerability from cvelistv5 – Published: 2005-03-22 05:00 – Updated: 2024-08-07 21:28
VLAI
Summary
highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1013485 | vdb-entryx_refsource_SECTRACK |
| http://marc.info/?l=bugtraq&m=111125645312693&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/14890 | vdb-entryx_refsource_OSVDB |
| http://www.ihsteam.com/download/advisory/Exoops%2… | x_refsource_MISC |
| http://www.securityfocus.com/bid/12848 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/14648 | third-party-advisoryx_refsource_SECUNIA |
| http://marc.info/?l=bugtraq&m=111117241923006&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.ihsteam.com/download/sections/runcms%2… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/14641 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-03-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:28.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1013485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013485"
},
{
"name": "20050319 Ciamos Highlight.php Security Hole(IHS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111125645312693\u0026w=2"
},
{
"name": "14890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/14890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt"
},
{
"name": "12848",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12848"
},
{
"name": "14648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14648"
},
{
"name": "20050318 runcms highlight.php hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111117241923006\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "ciamos-file-information-disclosure(19754)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19754"
},
{
"name": "14641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14641"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1013485",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013485"
},
{
"name": "20050319 Ciamos Highlight.php Security Hole(IHS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111125645312693\u0026w=2"
},
{
"name": "14890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/14890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt"
},
{
"name": "12848",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12848"
},
{
"name": "14648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14648"
},
{
"name": "20050318 runcms highlight.php hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111117241923006\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "ciamos-file-information-disclosure(19754)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19754"
},
{
"name": "14641",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14641"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013485",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013485"
},
{
"name": "20050319 Ciamos Highlight.php Security Hole(IHS)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111125645312693\u0026w=2"
},
{
"name": "14890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14890"
},
{
"name": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt",
"refsource": "MISC",
"url": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt"
},
{
"name": "12848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12848"
},
{
"name": "14648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14648"
},
{
"name": "20050318 runcms highlight.php hole",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111117241923006\u0026w=2"
},
{
"name": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf",
"refsource": "MISC",
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "ciamos-file-information-disclosure(19754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19754"
},
{
"name": "14641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14641"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0828",
"datePublished": "2005-03-22T05:00:00.000Z",
"dateReserved": "2005-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:28:28.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}