CVE-2005-3645 - OpenCVE

phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Phpadsnew	Phpadsnew
Phppgads	Phppgads

Configuration 1 [-]

OR	cpe:2.3:a:phpadsnew:phpadsnew:2.0.4_pr1:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0.6:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta5:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta6:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-09-30:::::::*
	cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:::::::*
	cpe:2.3:a:phppgads:phppgads:2.0.6:::::::*

References

Link	Resource
http://marc.info/?l=bugtraq&m=113165036315035&w=2
http://seclists.org/lists/bugtraq/2005/Nov/0189.html
http://secunia.com/advisories/17464/	Patch Vendor Advisory
http://securityreason.com/securityalert/171
http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942
http://www.fitsec.com/advisories/FS-05-01.txt	Vendor Advisory
http://www.osvdb.org/20735
http://www.osvdb.org/20736
http://www.osvdb.org/20737
http://www.osvdb.org/20738
http://www.osvdb.org/20739
http://www.osvdb.org/20740
http://www.osvdb.org/20741
http://www.osvdb.org/20742
http://www.osvdb.org/20743
http://www.vupen.com/english/advisories/2005/2380	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23043

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-17T11:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-11-17T00:00:00

Link: CVE-2005-3645

JSON object: View

NVD Information

Status : Modified

Published: 2005-11-17T11:02:00.000

Modified: 2017-07-11T01:33:15.813

Link: CVE-2005-3645

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.fitsec.com/advisories/FS-05-01.txt"}, {"name": "20740", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20740"}, {"name": "20743", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20743"}, {"name": "20051110 [FS-05-01] Multiple vulnerabilities in phpAdsNew", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=113165036315035&w=2"}, {"name": "20737", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20737"}, {"name": "17464", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17464/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942"}, {"name": "20739", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20739"}, {"name": "20735", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20735"}, {"name": "20051115 [PHPADSNEW-SA-2005-002] phpAdsNew and phpPgAds 2.0.7 fix multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/lists/bugtraq/2005/Nov/0189.html"}, {"name": "171", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/171"}, {"name": "20738", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20738"}, {"name": "20741", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20741"}, {"name": "phpadsnew-multiple-path-disclosure(23043)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23043"}, {"name": "ADV-2005-2380", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2380"}, {"name": "20742", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20742"}, {"name": "20736", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20736"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3645", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.fitsec.com/advisories/FS-05-01.txt", "refsource": "MISC", "url": "http://www.fitsec.com/advisories/FS-05-01.txt"}, {"name": "20740", "refsource": "OSVDB", "url": "http://www.osvdb.org/20740"}, {"name": "20743", "refsource": "OSVDB", "url": "http://www.osvdb.org/20743"}, {"name": "20051110 [FS-05-01] Multiple vulnerabilities in phpAdsNew", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=113165036315035&w=2"}, {"name": "20737", "refsource": "OSVDB", "url": "http://www.osvdb.org/20737"}, {"name": "17464", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17464/"}, {"name": "http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942"}, {"name": "20739", "refsource": "OSVDB", "url": "http://www.osvdb.org/20739"}, {"name": "20735", "refsource": "OSVDB", "url": "http://www.osvdb.org/20735"}, {"name": "20051115 [PHPADSNEW-SA-2005-002] phpAdsNew and phpPgAds 2.0.7 fix multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://seclists.org/lists/bugtraq/2005/Nov/0189.html"}, {"name": "171", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/171"}, {"name": "20738", "refsource": "OSVDB", "url": "http://www.osvdb.org/20738"}, {"name": "20741", "refsource": "OSVDB", "url": "http://www.osvdb.org/20741"}, {"name": "phpadsnew-multiple-path-disclosure(23043)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23043"}, {"name": "ADV-2005-2380", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2380"}, {"name": "20742", "refsource": "OSVDB", "url": "http://www.osvdb.org/20742"}, {"name": "20736", "refsource": "OSVDB", "url": "http://www.osvdb.org/20736"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3645", "datePublished": "2005-11-17T11:00:00", "dateReserved": "2005-11-17T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.4_pr1:*:*:*:*:*:*:*", "matchCriteriaId": "4B033DF7-892C-4257-986E-E717C89053DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "52CE9A50-87BA-4BEC-9076-9E0C24B2E972", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8259F494-DF09-40A0-8D4C-6C1892FDF598", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta5:*:*:*:*:*:*:*", "matchCriteriaId": "4DC61A97-7253-4ED3-A01F-8F76E77C391A", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta6:*:*:*:*:*:*:*", "matchCriteriaId": "0C79911F-DF47-4794-B2D4-8EF23D05E350", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-09-30:*:*:*:*:*:*:*", "matchCriteriaId": "282BB921-4677-44C8-B21A-B3F3D11FA5D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*", "matchCriteriaId": "0B27D5E0-0A62-407E-9597-F9B6E79BE929", "vulnerable": true}, {"criteria": "cpe:2.3:a:phppgads:phppgads:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B9B2B92E-5A28-4E0C-A3C9-37E6E6770314", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php."}, {"lang": "es", "value": "phpAdsNew y phpPgAds 2.0.6, y posiblemente versiones anteriores, permiten a atacantes remotos obtener la ruta de instalaci\u00f3n de aplicaciones y otra informaci\u00f3n sensible mediante peticiones directas a (1) create.php, y si la visualizaci\u00f3n de errores est\u00e1 activada, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, y (9) graph-daily.php."}], "evaluatorSolution": "Upgrade to phpAdsNew version 2.0.7 :\r\nhttp://sourceforge.net/project/showfiles.php?group_id=11386\r\n\r\nUpgrade to phpPgAds version 2.0.7 :\r\nhttp://sourceforge.net/project/showfiles.php?group_id=36679\r\n\r\n", "id": "CVE-2005-3645", "lastModified": "2017-07-11T01:33:15.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-11-17T11:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=113165036315035&w=2"}, {"source": "cve@mitre.org", "url": "http://seclists.org/lists/bugtraq/2005/Nov/0189.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17464/"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/171"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.fitsec.com/advisories/FS-05-01.txt"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20735"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20736"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20737"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20738"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20739"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20740"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20741"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20742"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/20743"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/2380"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23043"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}