CVE-2005-1201 Information

Feb 14, 2021 cve

Description

Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php which displays a different message when a file exists or does not exist.

Reference

http://azbb.cyaccess.com/azbb.php?1091778548 http://marc.info/?l=bugtraq&m=111401838521857&w=2 http://secunia.com/advisories/15013 http://www.gulftech.org/?node=research&article_id=00068-04192005 http://www.osvdb.org/15701 http://www.osvdb.org/15702 https://exchange.xforce.ibmcloud.com/vulnerabilities/20180 https://exchange.xforce.ibmcloud.com/vulnerabilities/20183

Share on: