CVE-2005-0259

Related Files

Gentoo Linux Security Advisory 200503-2

Posted Mar 3, 2005

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200503-02 - It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the Enable remote avatars and Enable avatar uploading options are set (CVE-2005-0259). He also found out that incorrect input validation in usercp_avatar.php and usercp_register.php makes phpBB vulnerable to directory traversal attacks, if the Gallery avatars setting is enabled (CVE-2005-0258). Versions less than 2.0.13 are affected.

tags | advisory, remote, arbitrary, local, php

systems | linux, gentoo

advisories | CVE-2005-0258, CVE-2005-0259

SHA-256 | b4cb2c0bc5261f26b321b308ca3bb029882790cb78626aa79aa2b52c25a7c28a

Download | Favorite | View

iDEFENSE Security Advisory 2005-02-22.1

Posted Feb 26, 2005

Authored by iDefense Labs, AnthraX101 | Site idefense.com

iDEFENSE Security Advisory 02.22.05 - Remote exploitation of an input validation vulnerability in the phpBB Group's phpBB2 bulletin board system allows attackers to read the contents of arbitrary system files under the privileges of the webserver.

tags | advisory, remote, arbitrary

advisories | CVE-2005-0259

SHA-256 | 4ab9593103bf1ea38ef611234e57df93b7e8b9dd08dd4db923e59f22431edc8c

Download | Favorite | View