CVE-2005-2609 Information

Description

index.php in VegaDNS 0.8.1 0.9.8 and possibly other versions allows remote attackers to obtain the full server path via an invalid VDNS_Sessid parameter.

Reference

http://secunia.com/advisories/16370 http://vegadns.org/src/current/CHANGELOG http://www.packetstormsecurity.org/0508-exploits/vegadns-dyn0.txt