[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256288

 
 

909

 
 

199146

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-3123Date: (C)2005-10-30   (M)2023-12-22


Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1015118
SREASON-127
BID-15228
SECUNIA-17351
SECUNIA-17559
OSVDB-20360
ADV-2005-2242
DSA-877
SUSE-SR:2005:027
SUSE-SR:2005:028
http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html

CPE    6
cpe:/a:gnu:gnump3d:2.9.4
cpe:/a:gnu:gnump3d:2.9.3
cpe:/a:gnu:gnump3d:2.9.5
cpe:/a:gnu:gnump3d:2.9
...

© SecPod Technologies