CVE-2005-3156 - Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 a

CVE-2005-3156

Summary

Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 allows remote attackers to read arbitrary files via ".." sequences in the pg parameter, which is cleansed for XSS but not directory traversal.

References

http://marc.info/?l=bugtraq&m=112812059917394&w=2

Vulnerable Configurations

cpe:2.3:a:easyguppy:easyguppy:4.5.4:*:*:*:*:*:*:*
cpe:2.3:a:easyguppy:easyguppy:4.5.4:*:*:*:*:*:*:*
cpe:2.3:a:easyguppy:easyguppy:4.5.5:*:*:*:*:*:*:*
cpe:2.3:a:easyguppy:easyguppy:4.5.5:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2016 - 03:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

bugtraq

20050930 BID #14752 update

Last major update

18-10-2016 - 03:33

Published

05-10-2005 - 23:02

Last modified

18-10-2016 - 03:33