Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2005-0380 | First vendor Publication | 2005-05-02 |
| Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0380 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 4 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2005-11-03 | Name : Zeroboard flaws (2) File : nvt/zeroboard_flaws2.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 12932 | ZeroBoard error.php dir Parameter Remote File Inclusion ZeroBoard contains a flaw that may allow a remote attacker to execute arbritary commands. The issue is due to 'error.php' script not properly sanitizing user input supplied to the 'dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 12931 | ZeroBoard ask_password.php dir Parameter Remote File Inclusion ZeroBoard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'ask_password.php' script not properly sanitizing user input supplied to the 'dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 12930 | ZeroBoard setup.php dir Parameter Remote File Inclusion ZeroBoard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'setup.php' script not properly sanitizing user input supplied to the 'dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 12929 | ZeroBoard login.php dir Parameter Remote File Inclusion ZeroBoard contains a flaw that may allow a remote attacker to execute arbritary commands. The issue is due to 'login.php' script not properly sanitizing user input supplied to the 'dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 12928 | ZeroBoard print_category.php dir Parameter Remote File Inclusion ZeroBoard contains a flaw that may allow a remote attacker to execute arbritary commands. The issue is due to 'print_category.php' script not properly sanitizing user input supplied to the 'dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-01-17 | Name : The remote web server contains several PHP scripts that are prone to arbitrar... File : zeroboard_flaws2.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:22:18 |
|
| 2024-11-28 12:06:46 |
|
| 2021-05-04 12:02:46 |
|
| 2021-04-22 01:02:59 |
|
| 2020-05-23 00:16:20 |
|
| 2017-07-11 12:01:49 |
|
| 2016-10-18 12:01:35 |
|
| 2016-06-28 15:14:46 |
|
| 2016-04-26 13:17:04 |
|
| 2014-02-17 10:30:04 |
|
| 2013-05-11 11:21:11 |
|
