CVE-2005-3484 - Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arb

CVE-2005-3484

Summary

Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and hex-encoded (1) slash "/" ("%2f") or (2) backslash "\" ("%5c") sequences.

References

Vulnerable Configurations

cpe:2.3:a:nero:neronet:-:*:*:*:*:*:*:*
cpe:2.3:a:nero:neronet:-:*:*:*:*:*:*:*
cpe:2.3:a:nero:neronet:1.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:nero:neronet:1.2.0.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2016 - 03:35)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	15288
fulldisc	20051102 Limited directory traversal in NeroNET 1.2.0.2
misc	http://aluigi.altervista.org/adv/neronet-adv.txt
secunia	17421
vupen	ADV-2005-2287

Last major update

18-10-2016 - 03:35

Published

03-11-2005 - 22:02

Last modified

18-10-2016 - 03:35