{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-02-21T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3"}, {"name": "21398", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/21398"}, {"tags": ["x_refsource_MISC"], "url": "http://pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4026", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3", "refsource": "CONFIRM", "url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3"}, {"name": "21398", "refsource": "OSVDB", "url": "http://www.osvdb.org/21398"}, {"name": "http://pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html", "refsource": "MISC", "url": "http://pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4026", "datePublished": "2005-12-05T11:00:00", "dateReserved": "2005-12-05T00:00:00", "dateUpdated": "2006-02-21T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:geeklog:geeklog:*:*:*:*:*:*:*:*", "matchCriteriaId": "6195A0F8-DC1D-4239-94C9-4FD35C4EF4E9", "versionEndIncluding": "1.3.11", "versionStartIncluding": "1.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:geeklog:geeklog:1.3.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "A08FCCA2-886A-4B8B-B3E5-0A62C8E58B43", "vulnerable": true}, {"criteria": "cpe:2.3:a:geeklog:geeklog:1.3.11:sr1:*:*:*:*:*:*", "matchCriteriaId": "B7B2FCD0-5295-4E27-A9AB-4E55CDC4CAF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:geeklog:geeklog:1.3.11:sr2:*:*:*:*:*:*", "matchCriteriaId": "25E45D9D-ADAF-427F-9B77-FCA02EC0E489", "vulnerable": true}, {"criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "7B874DF3-F79C-4AA7-9FDE-3AEF62D3AFF8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message."}], "id": "CVE-2005-4026", "lastModified": "2018-09-27T21:39:53.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-05T11:03:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://pridels0.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.osvdb.org/21398"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}