Executive Summary

Information
Name: CVE-2005-2256
First vendor publication: 2005-07-13
Vendor: Cve
Last vendor modification: 2008-09-05

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS base score: 5
Attack range: Network
CVSS impact score: 2.9
Attack complexity: Low
CVSS exploit score: 10
Authentication: None Required

Detail

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2256

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-72 URL Encoding

CWE : Common Weakness Enumeration

% Id Name

CPE : Common Platform Enumeration

Type Description Count
Application 6

OpenVAS Exploits

Date Description
2008-09-04 Name : FreeBSD Ports: phppgadmin
File : nvt/freebsd_phppgadmin.nasl
2008-01-17 Name : Debian Security Advisory DSA 759-1 (phppgadmin)
File : nvt/deb_759_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
17758 phpPgAdmin index.php formLanguage Parameter Local File Inclusion

phpPgAdmin contains a flaw that allows a remote attacker to include files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the formLanguage variable.

Nessus® Vulnerability Scanner

Date Description
2005-08-01 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_88188a8ceff611d983100001020eed82.nasl - Type : ACT_GATHER_INFO
2005-07-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-759.nasl - Type : ACT_GATHER_INFO
2005-07-07 Name : The remote web server contains a PHP script that is affected by a local file ...
File : phppgadmin_formlanguage_dir_traversal.nasl - Type : ACT_ATTACK

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/14142
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=342261
DEBIAN http://www.debian.org/security/2005/dsa-759
MISC http://www.vuxml.org/freebsd/88188a8c-eff6-11d9-8310-0001020eed82.html
MLIST http://archives.neohapsis.com/archives/dailydave/2005-q3/0010.html
SECTRACK http://securitytracker.com/id?1014414
SECUNIA http://secunia.com/advisories/15941
SECUNIA http://secunia.com/advisories/16116

Alert History

Date Information
2021-05-04 12:03:03
  • Multiple Updates
2021-04-22 01:03:20
  • Multiple Updates
2020-05-23 00:16:41
  • Multiple Updates
2016-04-26 13:39:59
  • Multiple Updates
2014-02-17 10:32:06
  • Multiple Updates
2013-05-11 11:28:37
  • Multiple Updates