CVE-2005-3645 Information

Description

phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php and if display_errors is enabled (2) lib-updates.inc.php (3) lib-targetstats.inc.php (4) lib-size.inc.php (5) lib-misc-stats.inc.php (6) lib-hourly-hosts.inc.php (7) lib-hourly.inc.php (8) lib-history.inc.php and (9) graph-daily.php.

Reference

http://marc.info/?l=bugtraq&m=113165036315035&w=2 http://seclists.org/lists/bugtraq/2005/Nov/0189.html http://secunia.com/advisories/17464/ http://securityreason.com/securityalert/171 http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942 http://www.fitsec.com/advisories/FS-05-01.txt http://www.osvdb.org/20735 http://www.osvdb.org/20736 http://www.osvdb.org/20737 http://www.osvdb.org/20738 http://www.osvdb.org/20739 http://www.osvdb.org/20740 http://www.osvdb.org/20741 http://www.osvdb.org/20742 http://www.osvdb.org/20743 http://www.vupen.com/english/advisories/2005/2380 https://exchange.xforce.ibmcloud.com/vulnerabilities/23043 phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php and if display_errors is enabled (2) lib-updates.inc.php (3) lib-targetstats.inc.php (4) lib-size.inc.php (5) lib-misc-stats.inc.php (6) lib-hourly-hosts.inc.php (7) lib-hourly.inc.php (8) lib-history.inc.php and (9) graph-daily.php.