CVE-2005-0854
published 2005-05-02CVE-2005-0854: betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.50%
87.7th percentile
betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| betaparticle | betaparticle_blog | — | — |
| betaparticle | betaparticle_blog | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
BetaParticle blog 2.0/3.0 - 'myFiles.asp' File Manipulation
exploitdb·2005-03-21
CVE-2005-0854 BetaParticle blog 2.0/3.0 - 'myFiles.asp' File Manipulation
BetaParticle blog 2.0/3.0 - 'myFiles.asp' File Manipulation
---
source: https://www.securityfocus.com/bid/12861/info
betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported:
It is reported that betaparticle blog fails to sufficiently secure the authentication credential database. A remote attacker may exploit this vulnerability to download and disclose the contents of the credential database.
This issue is reported to affect betaparticle blog prior to and including version 3.0.
It is reported that several betaparticle blog scripts may be accessed by a remote unauthenticated attacker and may be employed to upload and delete arbitrary Web server accessible files. A remote attacker may exploit leverage these scripts to deny service f
Exploit-DB
BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload
exploitdb·2005-03-21
CVE-2005-0854 BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload
BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload
---
source: https://www.securityfocus.com/bid/12861/info
betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported:
It is reported that betaparticle blog fails to sufficiently secure the authentication credential database. A remote attacker may exploit this vulnerability to download and disclose the contents of the credential database.
This issue is reported to affect betaparticle blog prior to and including version 3.0.
It is reported that several betaparticle blog scripts may be accessed by a remote unauthenticated attacker and may be employed to upload and delete arbitrary Web server accessible files. A remote attacker may exploit leverage these scripts to deny servic
No writeups or analysis indexed.
http://blog.betaparticle.com/template_permalink.asp?id=68http://seclists.org/lists/bugtraq/2005/Mar/0360.htmlhttp://secunia.com/advisories/14668http://www.securityfocus.com/bid/12861https://exchange.xforce.ibmcloud.com/vulnerabilities/19781http://blog.betaparticle.com/template_permalink.asp?id=68http://seclists.org/lists/bugtraq/2005/Mar/0360.htmlhttp://secunia.com/advisories/14668http://www.securityfocus.com/bid/12861https://exchange.xforce.ibmcloud.com/vulnerabilities/19781
2005-05-02
Published