FKIE_CVE-2005-3645

Vulnerability from fkie_nvd - Published: 2005-11-17 11:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=113165036315035&w=2
cve@mitre.orghttp://seclists.org/lists/bugtraq/2005/Nov/0189.html
cve@mitre.orghttp://secunia.com/advisories/17464/Patch, Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/171
cve@mitre.orghttp://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942
cve@mitre.orghttp://www.fitsec.com/advisories/FS-05-01.txtVendor Advisory
cve@mitre.orghttp://www.osvdb.org/20735
cve@mitre.orghttp://www.osvdb.org/20736
cve@mitre.orghttp://www.osvdb.org/20737
cve@mitre.orghttp://www.osvdb.org/20738
cve@mitre.orghttp://www.osvdb.org/20739
cve@mitre.orghttp://www.osvdb.org/20740
cve@mitre.orghttp://www.osvdb.org/20741
cve@mitre.orghttp://www.osvdb.org/20742
cve@mitre.orghttp://www.osvdb.org/20743
cve@mitre.orghttp://www.vupen.com/english/advisories/2005/2380Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/23043
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=113165036315035&w=2
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/lists/bugtraq/2005/Nov/0189.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17464/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/171
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942
af854a3a-2127-422b-91ae-364da2661108http://www.fitsec.com/advisories/FS-05-01.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/20735
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/20736
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/20737
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/20738
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/20739
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/20740
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/20741
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/20742
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/20743
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/2380Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/23043
Impacted products
Vendor Product Version
phpadsnew phpadsnew 2.0.4_pr1
phpadsnew phpadsnew 2.0.5
phpadsnew phpadsnew 2.0.6
phpadsnew phpadsnew 2.0_beta5
phpadsnew phpadsnew 2.0_beta6
phpadsnew phpadsnew 2_dev_2001-09-30
phpadsnew phpadsnew 2_dev_2001-10-09
phppgads phppgads 2.0.6
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.4_pr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B033DF7-892C-4257-986E-E717C89053DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "52CE9A50-87BA-4BEC-9076-9E0C24B2E972",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8259F494-DF09-40A0-8D4C-6C1892FDF598",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC61A97-7253-4ED3-A01F-8F76E77C391A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C79911F-DF47-4794-B2D4-8EF23D05E350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-09-30:*:*:*:*:*:*:*",
              "matchCriteriaId": "282BB921-4677-44C8-B21A-B3F3D11FA5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B27D5E0-0A62-407E-9597-F9B6E79BE929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phppgads:phppgads:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9B2B92E-5A28-4E0C-A3C9-37E6E6770314",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php."
    },
    {
      "lang": "es",
      "value": "phpAdsNew y phpPgAds 2.0.6, y posiblemente versiones anteriores, permiten a atacantes remotos obtener la ruta de instalaci\u00f3n de aplicaciones y otra informaci\u00f3n sensible mediante peticiones directas a (1) create.php, y si la visualizaci\u00f3n de errores est\u00e1 activada, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, y (9) graph-daily.php."
    }
  ],
  "evaluatorSolution": "Upgrade to phpAdsNew version 2.0.7 :\r\nhttp://sourceforge.net/project/showfiles.php?group_id=11386\r\n\r\nUpgrade to phpPgAds version 2.0.7 :\r\nhttp://sourceforge.net/project/showfiles.php?group_id=36679\r\n\r\n",
  "id": "CVE-2005-3645",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-17T11:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=113165036315035\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/lists/bugtraq/2005/Nov/0189.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17464/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/171"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=36679\u0026release_id=370942"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fitsec.com/advisories/FS-05-01.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20735"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20736"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20737"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20738"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20739"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20740"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20741"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20742"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20743"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/2380"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=113165036315035\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/lists/bugtraq/2005/Nov/0189.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17464/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=36679\u0026release_id=370942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fitsec.com/advisories/FS-05-01.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20740"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/2380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23043"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.