CVE-2005-0258

Related Files

Gentoo Linux Security Advisory 200503-2

Posted Mar 3, 2005

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200503-02 - It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the Enable remote avatars and Enable avatar uploading options are set (CVE-2005-0259). He also found out that incorrect input validation in usercp_avatar.php and usercp_register.php makes phpBB vulnerable to directory traversal attacks, if the Gallery avatars setting is enabled (CVE-2005-0258). Versions less than 2.0.13 are affected.

tags | advisory, remote, arbitrary, local, php

systems | linux, gentoo

advisories | CVE-2005-0258, CVE-2005-0259

SHA-256 | b4cb2c0bc5261f26b321b308ca3bb029882790cb78626aa79aa2b52c25a7c28a

Download | Favorite | View

iDEFENSE Security Advisory 2005-02-22.2

Posted Feb 26, 2005

Authored by iDefense Labs, AnthraX101 | Site idefense.com

iDEFENSE Security Advisory 02.22.05 - Remote exploitation of an input validation vulnerability in the phpBB Group's phpBB2 bulletin board system allows attackers to unlink (delete) arbitrary system files under the privileges of the web server.

tags | advisory, remote, web, arbitrary

advisories | CVE-2005-0258

SHA-256 | 8a6f19eb9ba57da2748ca989db18c6ee62630c633912223b282be4427a4d42ef

Download | Favorite | View