Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2005-1698 | First vendor Publication | 2005-05-24 |
| Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1698 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-87 | Forceful Browsing |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-425 | Direct Request ('Forced Browsing') |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-04 | Name : FreeBSD Ports: postnuke File : nvt/freebsd_postnuke1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 20692 | PostNuke Blocks Module finclude.php Direct Request Path Disclosure |
| 20691 | PostNuke Blocks Module menu.php Direct Request Path Disclosure |
| 20690 | PostNuke Blocks Module html.php Direct Request Path Disclosure |
| 20689 | PostNuke Blocks Module text.php Direct Request Path Disclosure |
| 20688 | PostNuke Blocks Module thelang.php Direct Request Path Disclosure |
| 20687 | PostNuke Xanthia Module theme.php Direct Request Path Disclosure |
| 16795 | PostNuke xmlrpc.php Path Disclosure |
| 16794 | PostNuke NS/Multisites Module config.php Path Disclosure |
| 16793 | PostNuke Blocks Module button.php Call Path Disclosure |
| 16792 | PostNuke Xanthia Module Xanthia.php Path Disclosure |
| 16782 | PostNuke user.php Path Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-05-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_0274a9f1075911dabc080001020eed82.nasl - Type : ACT_GATHER_INFO |
| 2005-05-23 | Name : The remote web server contains a PHP script that is prone to several attacks. File : postnuke_0_760_rc3.nasl - Type : ACT_ATTACK |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:22:08 |
|
| 2024-11-28 12:07:06 |
|
| 2024-01-26 00:28:05 |
|
| 2021-05-04 12:02:59 |
|
| 2021-04-22 01:03:14 |
|
| 2020-05-23 00:16:35 |
|
| 2016-10-18 12:01:41 |
|
| 2014-02-17 10:31:32 |
|
| 2013-05-11 11:26:16 |
|
