CVE-2005-3927
published 2005-11-30CVE-2005-3927: Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter…
PriorityP337medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EXPLOIT
EPSS
8.79%
94.5th percentile
Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| guppy | guppy | — | — |
| guppy | guppy | — | — |
| guppy | guppy | — | — |
| guppy | guppy | — | — |
| guppy | guppy | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
GuppY 4.5 - 'editorTypetool.php?meskin' Traversal Arbitrary File Access
exploitdb·2005-11-28
CVE-2005-3927 GuppY 4.5 - 'editorTypetool.php?meskin' Traversal Arbitrary File Access
GuppY 4.5 - 'editorTypetool.php?meskin' Traversal Arbitrary File Access
---
source: https://www.securityfocus.com/bid/15610/info
GuppY is affected by multiple local file include and information disclosure vulnerabilities.
An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.
It should be noted that these issues may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server. An attacker can employ directory traversal sequences and NULL characters to disclose arbitrary files.
GuppY 4.5.9 and prior versions are vulnerable.
http://www.example.com/[path_to_guppy]/admin/editorTypet
Exploit-DB
GuppY 4.5 - 'archbatch.php?lng' Traversal Arbitrary File Access
exploitdb·2005-11-28
CVE-2005-3927 GuppY 4.5 - 'archbatch.php?lng' Traversal Arbitrary File Access
GuppY 4.5 - 'archbatch.php?lng' Traversal Arbitrary File Access
---
source: https://www.securityfocus.com/bid/15610/info
GuppY is affected by multiple local file include and information disclosure vulnerabilities.
An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.
It should be noted that these issues may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server. An attacker can employ directory traversal sequences and NULL characters to disclose arbitrary files.
GuppY 4.5.9 and prior versions are vulnerable.
http://www.example.com/[path_to_guppy]/admin/inc/archbatch.php?l
Exploit-DB
GuppY 4.5 - 'dbbatch.php?lng' Traversal Arbitrary File Access
exploitdb·2005-11-28
CVE-2005-3927 GuppY 4.5 - 'dbbatch.php?lng' Traversal Arbitrary File Access
GuppY 4.5 - 'dbbatch.php?lng' Traversal Arbitrary File Access
---
source: https://www.securityfocus.com/bid/15610/info
GuppY is affected by multiple local file include and information disclosure vulnerabilities.
An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.
It should be noted that these issues may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server. An attacker can employ directory traversal sequences and NULL characters to disclose arbitrary files.
GuppY 4.5.9 and prior versions are vulnerable.
http://www.example.com/[path_to_guppy]/admin/inc/dbbatch.php?lng=.
Exploit-DB
GuppY 4.5 - 'nwlmail.php?lng' Traversal Arbitrary File Access
exploitdb·2005-11-28
CVE-2005-3927 GuppY 4.5 - 'nwlmail.php?lng' Traversal Arbitrary File Access
GuppY 4.5 - 'nwlmail.php?lng' Traversal Arbitrary File Access
---
source: https://www.securityfocus.com/bid/15610/info
GuppY is affected by multiple local file include and information disclosure vulnerabilities.
An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.
It should be noted that these issues may also be leveraged to read arbitrary files on an affected computer with the privileges of the Web server. An attacker can employ directory traversal sequences and NULL characters to disclose arbitrary files.
GuppY 4.5.9 and prior versions are vulnerable.
http://www.example.com/[path_to_guppy]/admin/inc/nwlmail.php?lng=.
No writeups or analysis indexed.
http://rgod.altervista.org/guppy459_xpl.htmlhttp://secunia.com/advisories/17790http://securityreason.com/securityalert/212http://securitytracker.com/id?1015279http://www.securityfocus.com/archive/1/417899/100/0/threadedhttp://www.securityfocus.com/bid/15610http://www.vupen.com/english/advisories/2005/2635https://exchange.xforce.ibmcloud.com/vulnerabilities/23319http://rgod.altervista.org/guppy459_xpl.htmlhttp://secunia.com/advisories/17790http://securityreason.com/securityalert/212http://securitytracker.com/id?1015279http://www.securityfocus.com/archive/1/417899/100/0/threadedhttp://www.securityfocus.com/bid/15610http://www.vupen.com/english/advisories/2005/2635https://exchange.xforce.ibmcloud.com/vulnerabilities/23319
2005-11-30
Published